################################################################ # abuse.ch URLhaus IDS ruleset (Snort / Suricata) # # Last updated: 2025-02-11 15:49:13 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.243.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436254/; classtype:trojan-activity;sid:84299354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.114.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436253/; classtype:trojan-activity;sid:84299353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436251)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.127.132.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436251/; classtype:trojan-activity;sid:84299351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.197.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436250/; classtype:trojan-activity;sid:84299350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.250.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436225/; classtype:trojan-activity;sid:84299325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436223)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.212.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436223/; classtype:trojan-activity;sid:84299323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.25.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436222/; classtype:trojan-activity;sid:84299322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436221)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.35.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436221/; classtype:trojan-activity;sid:84299321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436220)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.0.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436220/; classtype:trojan-activity;sid:84299320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.97.160.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436219/; classtype:trojan-activity;sid:84299319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.114.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436218/; classtype:trojan-activity;sid:84299318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.217.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436217/; classtype:trojan-activity;sid:84299317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.31.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436215/; classtype:trojan-activity;sid:84299315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436214)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.12.10"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436214/; classtype:trojan-activity;sid:84299314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.217.23.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436213/; classtype:trojan-activity;sid:84299313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.37.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436212/; classtype:trojan-activity;sid:84299312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.227.108.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436211/; classtype:trojan-activity;sid:84299311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.97.160.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436210/; classtype:trojan-activity;sid:84299310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.25.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436209/; classtype:trojan-activity;sid:84299309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.247.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436208/; classtype:trojan-activity;sid:84299308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.187.82.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436207/; classtype:trojan-activity;sid:84299307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.56.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436206/; classtype:trojan-activity;sid:84299306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.114.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436205/; classtype:trojan-activity;sid:84299305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436203)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.251.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436203/; classtype:trojan-activity;sid:84299303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.253.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436202/; classtype:trojan-activity;sid:84299302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.103.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436198/; classtype:trojan-activity;sid:84299298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436197)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.52.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436197/; classtype:trojan-activity;sid:84299297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.37.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436196/; classtype:trojan-activity;sid:84299296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.216.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436195/; classtype:trojan-activity;sid:84299295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436186)"; flow:established,from_client; content:"GET"; http_method; content:"/dlink"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.93.89.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436186/; classtype:trojan-activity;sid:84299286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436187)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.93.89.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436187/; classtype:trojan-activity;sid:84299287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436188)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.93.89.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436188/; classtype:trojan-activity;sid:84299288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436189)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.93.89.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436189/; classtype:trojan-activity;sid:84299289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436190)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.93.89.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436190/; classtype:trojan-activity;sid:84299290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436191)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.93.89.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436191/; classtype:trojan-activity;sid:84299291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.65.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436184/; classtype:trojan-activity;sid:84299284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436183)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.93.89.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436183/; classtype:trojan-activity;sid:84299283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436167)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.93.89.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436167/; classtype:trojan-activity;sid:84299267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436168)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.93.89.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436168/; classtype:trojan-activity;sid:84299268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436169)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.93.89.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436169/; classtype:trojan-activity;sid:84299269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436170)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.93.89.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436170/; classtype:trojan-activity;sid:84299270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436171)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.93.89.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436171/; classtype:trojan-activity;sid:84299271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436172)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.93.89.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436172/; classtype:trojan-activity;sid:84299272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436173)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.93.89.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436173/; classtype:trojan-activity;sid:84299273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436174)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.93.89.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436174/; classtype:trojan-activity;sid:84299274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436175)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.93.89.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436175/; classtype:trojan-activity;sid:84299275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436176)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.93.89.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436176/; classtype:trojan-activity;sid:84299276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436177)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.93.89.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436177/; classtype:trojan-activity;sid:84299277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436178)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.93.89.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436178/; classtype:trojan-activity;sid:84299278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436179)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.93.89.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436179/; classtype:trojan-activity;sid:84299279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436180)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.93.89.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436180/; classtype:trojan-activity;sid:84299280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436181)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.93.89.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436181/; classtype:trojan-activity;sid:84299281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436182)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.93.89.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436182/; classtype:trojan-activity;sid:84299282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.31.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436166/; classtype:trojan-activity;sid:84299266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.41.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436165/; classtype:trojan-activity;sid:84299265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.217.23.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436164/; classtype:trojan-activity;sid:84299264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436162)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.224.0.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436162/; classtype:trojan-activity;sid:84299262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.123.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436160/; classtype:trojan-activity;sid:84299260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.166.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436161/; classtype:trojan-activity;sid:84299261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.43.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436159/; classtype:trojan-activity;sid:84299259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.197.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436158/; classtype:trojan-activity;sid:84299258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.108.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436157/; classtype:trojan-activity;sid:84299257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.251.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436156/; classtype:trojan-activity;sid:84299256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.123.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436154/; classtype:trojan-activity;sid:84299254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.245.2.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436153/; classtype:trojan-activity;sid:84299253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.253.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436152/; classtype:trojan-activity;sid:84299252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.151.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436151/; classtype:trojan-activity;sid:84299251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.43.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436150/; classtype:trojan-activity;sid:84299250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.41.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436149/; classtype:trojan-activity;sid:84299249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436148/; classtype:trojan-activity;sid:84299248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.87.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436147/; classtype:trojan-activity;sid:84299247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436146)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.171.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436146/; classtype:trojan-activity;sid:84299246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.138.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436145/; classtype:trojan-activity;sid:84299245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.165.93.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436143/; classtype:trojan-activity;sid:84299243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.64.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436144/; classtype:trojan-activity;sid:84299244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.141.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436142/; classtype:trojan-activity;sid:84299242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.68.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436139/; classtype:trojan-activity;sid:84299239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.164.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436138/; classtype:trojan-activity;sid:84299238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436137)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.93.89.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436137/; classtype:trojan-activity;sid:84299237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436135)"; flow:established,from_client; content:"GET"; http_method; content:"/files/c0dxnfz/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436135/; classtype:trojan-activity;sid:84299235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.252.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436132/; classtype:trojan-activity;sid:84299232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.251.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436131/; classtype:trojan-activity;sid:84299231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436128)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique2/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436128/; classtype:trojan-activity;sid:84299228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436129)"; flow:established,from_client; content:"GET"; http_method; content:"/testdef/random.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436129/; classtype:trojan-activity;sid:84299229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436130)"; flow:established,from_client; content:"GET"; http_method; content:"/defend/random.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436130/; classtype:trojan-activity;sid:84299230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436126)"; flow:established,from_client; content:"GET"; http_method; content:"/test/am_no.bat"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436126/; classtype:trojan-activity;sid:84299226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436127)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6691015685/bjkm5he.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436127/; classtype:trojan-activity;sid:84299227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436120/; classtype:trojan-activity;sid:84299220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.218.164.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436119/; classtype:trojan-activity;sid:84299219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.187.82.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436118/; classtype:trojan-activity;sid:84299218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436117)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1453454495/fe36xbk.exe|3f|"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436117/; classtype:trojan-activity;sid:84299217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436116)"; flow:established,from_client; content:"GET"; http_method; content:"/files/2116916553/wvek4j1.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436116/; classtype:trojan-activity;sid:84299216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.160.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436106/; classtype:trojan-activity;sid:84299206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436105)"; flow:established,from_client; content:"GET"; http_method; content:"/cenario/castanha3.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"acesso-digital-br.pro"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436105/; classtype:trojan-activity;sid:84299205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436104)"; flow:established,from_client; content:"GET"; http_method; content:"/cenario/castanha2.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"acesso-digital-br.pro"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436104/; classtype:trojan-activity;sid:84299204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436103)"; flow:established,from_client; content:"GET"; http_method; content:"/cenario/castanha1.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"acesso-digital-br.pro"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436103/; classtype:trojan-activity;sid:84299203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436101)"; flow:established,from_client; content:"GET"; http_method; content:"/belyy-git/karahook/raw/master/chsztdjvl.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436101/; classtype:trojan-activity;sid:84299201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436102/; classtype:trojan-activity;sid:84299202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.140.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436100/; classtype:trojan-activity;sid:84299200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.253.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436099/; classtype:trojan-activity;sid:84299199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436097)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf22.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"upload.venomtools.in"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436097/; classtype:trojan-activity;sid:84299197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436096)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf11.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"upload.venomtools.in"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436096/; classtype:trojan-activity;sid:84299196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.159.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436095/; classtype:trojan-activity;sid:84299195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.144.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436094/; classtype:trojan-activity;sid:84299194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436092)"; flow:established,from_client; content:"GET"; http_method; content:"/lakrica0/asdfqw/main/wind.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436092/; classtype:trojan-activity;sid:84299192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.156.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436089/; classtype:trojan-activity;sid:84299189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.245.2.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436088/; classtype:trojan-activity;sid:84299188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.100.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436086/; classtype:trojan-activity;sid:84299186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.58.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436087/; classtype:trojan-activity;sid:84299187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436085)"; flow:established,from_client; content:"GET"; http_method; content:"/qtga/file"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"oshi.at"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436085/; classtype:trojan-activity;sid:84299185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436078/; classtype:trojan-activity;sid:84299178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.133.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436076/; classtype:trojan-activity;sid:84299176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.253.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436074/; classtype:trojan-activity;sid:84299174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436073)"; flow:established,from_client; content:"GET"; http_method; content:"/sdur/tswy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"oshi.at"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436073/; classtype:trojan-activity;sid:84299173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.100.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436072/; classtype:trojan-activity;sid:84299172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.87.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436071/; classtype:trojan-activity;sid:84299171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.156.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436069/; classtype:trojan-activity;sid:84299169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436067)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.4.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436067/; classtype:trojan-activity;sid:84299167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.111.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436066/; classtype:trojan-activity;sid:84299166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.160.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436064/; classtype:trojan-activity;sid:84299164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436060/; classtype:trojan-activity;sid:84299160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.155.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436059/; classtype:trojan-activity;sid:84299159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.11.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436058/; classtype:trojan-activity;sid:84299158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.83.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436057/; classtype:trojan-activity;sid:84299157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.182.145.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436056/; classtype:trojan-activity;sid:84299156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.140.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436055/; classtype:trojan-activity;sid:84299155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.187.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436054/; classtype:trojan-activity;sid:84299154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.5.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436053/; classtype:trojan-activity;sid:84299153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.233.254.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436052/; classtype:trojan-activity;sid:84299152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.87.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436050/; classtype:trojan-activity;sid:84299150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.182.145.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436051/; classtype:trojan-activity;sid:84299151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.227.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436048/; classtype:trojan-activity;sid:84299148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.83.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436047/; classtype:trojan-activity;sid:84299147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.157.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436040/; classtype:trojan-activity;sid:84299140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.120.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436039/; classtype:trojan-activity;sid:84299139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.160.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436038/; classtype:trojan-activity;sid:84299138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.107.98.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436037/; classtype:trojan-activity;sid:84299137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.140.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436036/; classtype:trojan-activity;sid:84299136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.246.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436035/; classtype:trojan-activity;sid:84299135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.187.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436034/; classtype:trojan-activity;sid:84299134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.9.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436033/; classtype:trojan-activity;sid:84299133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.147.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436032/; classtype:trojan-activity;sid:84299132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.129.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436030/; classtype:trojan-activity;sid:84299130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.16.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436029/; classtype:trojan-activity;sid:84299129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.144.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436028/; classtype:trojan-activity;sid:84299128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.57.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436027/; classtype:trojan-activity;sid:84299127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.235.232.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436026/; classtype:trojan-activity;sid:84299126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.147.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436025/; classtype:trojan-activity;sid:84299125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436024/; classtype:trojan-activity;sid:84299124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.239.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436023/; classtype:trojan-activity;sid:84299123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.233.254.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436022/; classtype:trojan-activity;sid:84299122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.147.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436021/; classtype:trojan-activity;sid:84299121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.122.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436020/; classtype:trojan-activity;sid:84299120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.235.232.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436017/; classtype:trojan-activity;sid:84299117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436016)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.93.89.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436016/; classtype:trojan-activity;sid:84299116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436014)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.93.89.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436014/; classtype:trojan-activity;sid:84299114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.72.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436012/; classtype:trojan-activity;sid:84299112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.34.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436011/; classtype:trojan-activity;sid:84299111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.232.67.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436010/; classtype:trojan-activity;sid:84299110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.173.85.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436008/; classtype:trojan-activity;sid:84299108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436007/; classtype:trojan-activity;sid:84299107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.39.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436005/; classtype:trojan-activity;sid:84299105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.232.67.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436004/; classtype:trojan-activity;sid:84299104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.110.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436003/; classtype:trojan-activity;sid:84299103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.133.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436002/; classtype:trojan-activity;sid:84299102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.227.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436001/; classtype:trojan-activity;sid:84299101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.39.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436000/; classtype:trojan-activity;sid:84299100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.218.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435998/; classtype:trojan-activity;sid:84299098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.28.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435997/; classtype:trojan-activity;sid:84299097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.224.197.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435996/; classtype:trojan-activity;sid:84299096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.74.120.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435995/; classtype:trojan-activity;sid:84299095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.133.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435994/; classtype:trojan-activity;sid:84299094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.219.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435993/; classtype:trojan-activity;sid:84299093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.203.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435990/; classtype:trojan-activity;sid:84299090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435987)"; flow:established,from_client; content:"GET"; http_method; content:"/10022025/s"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435987/; classtype:trojan-activity;sid:84299087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435986)"; flow:established,from_client; content:"GET"; http_method; content:"/10022025/v"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435986/; classtype:trojan-activity;sid:84299086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.55.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435985/; classtype:trojan-activity;sid:84299085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.227.7.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435983/; classtype:trojan-activity;sid:84299083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.229.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435981/; classtype:trojan-activity;sid:84299081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.138.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435980/; classtype:trojan-activity;sid:84299080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.219.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435979/; classtype:trojan-activity;sid:84299079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.254.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435978/; classtype:trojan-activity;sid:84299078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435977/; classtype:trojan-activity;sid:84299077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.57.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435976/; classtype:trojan-activity;sid:84299076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"63.142.81.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435975/; classtype:trojan-activity;sid:84299075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.40.80.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435974/; classtype:trojan-activity;sid:84299074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.224.197.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435972/; classtype:trojan-activity;sid:84299072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.174.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435971/; classtype:trojan-activity;sid:84299071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435969)"; flow:established,from_client; content:"GET"; http_method; content:"/779/seemybestthingstodowithbest.txt"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"185.29.9.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435969/; classtype:trojan-activity;sid:84299069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435968)"; flow:established,from_client; content:"GET"; http_method; content:"/779/seemybestthingstodowithbestgoinggood.gif"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"185.29.9.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435968/; classtype:trojan-activity;sid:84299068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435965)"; flow:established,from_client; content:"GET"; http_method; content:"/api/file/get|3f|filekey=z1aatexlynbvuazgmlsszgtu_jnutcs5mt-8qkpqqkiphresqp2jwgds1fw|7c|26|7c|skipreg=true|7c|26|7c|pk_vid=342803d1cc4e3b801739205123b5fe9d"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"1007.filemail.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435965/; classtype:trojan-activity;sid:84299065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435964)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.161.168.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435964/; classtype:trojan-activity;sid:84299064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.229.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435963/; classtype:trojan-activity;sid:84299063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435960)"; flow:established,from_client; content:"GET"; http_method; content:"/nevermiss11111/passat/raw/refs/heads/main/nevermiss.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435960/; classtype:trojan-activity;sid:84299060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435961)"; flow:established,from_client; content:"GET"; http_method; content:"/nevermiss11111/passat/raw/refs/heads/main/passathook.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435961/; classtype:trojan-activity;sid:84299061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435959)"; flow:established,from_client; content:"GET"; http_method; content:"/nevermiss11111/passat/refs/heads/main/passathook.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435959/; classtype:trojan-activity;sid:84299059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435958)"; flow:established,from_client; content:"GET"; http_method; content:"/0x699/upms/refs/heads/main/winlog32.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435958/; classtype:trojan-activity;sid:84299058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435951)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/ed.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435951/; classtype:trojan-activity;sid:84299051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435952)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/devil.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435952/; classtype:trojan-activity;sid:84299052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435953)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/edd.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435953/; classtype:trojan-activity;sid:84299053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435954)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/dev.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435954/; classtype:trojan-activity;sid:84299054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435955)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/codeeee.ps1"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435955/; classtype:trojan-activity;sid:84299055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435956)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/ik.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435956/; classtype:trojan-activity;sid:84299056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435957)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/emg.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435957/; classtype:trojan-activity;sid:84299057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.209.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435950/; classtype:trojan-activity;sid:84299050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.247.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435946/; classtype:trojan-activity;sid:84299046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435944)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"167.179.148.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435944/; classtype:trojan-activity;sid:84299044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435940)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5643377291/7fomotq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435940/; classtype:trojan-activity;sid:84299040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435939)"; flow:established,from_client; content:"GET"; http_method; content:"/files/2116916553/wvek4j1.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435939/; classtype:trojan-activity;sid:84299039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.182.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435934/; classtype:trojan-activity;sid:84299034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.66.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435932/; classtype:trojan-activity;sid:84299032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.178.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435931/; classtype:trojan-activity;sid:84299031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.94.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435930/; classtype:trojan-activity;sid:84299030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435929)"; flow:established,from_client; content:"GET"; http_method; content:"/file/9da34943db0921b6eb7a6d15631b055d.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"user-uploads.perchance.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435929/; classtype:trojan-activity;sid:84299029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435928)"; flow:established,from_client; content:"GET"; http_method; content:"/files/reversesheller/random.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"185.215.113.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435928/; classtype:trojan-activity;sid:84299028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435926)"; flow:established,from_client; content:"GET"; http_method; content:"/files/martin3/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435926/; classtype:trojan-activity;sid:84299026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435927)"; flow:established,from_client; content:"GET"; http_method; content:"/timeupdate.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.11.61.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435927/; classtype:trojan-activity;sid:84299027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435925)"; flow:established,from_client; content:"GET"; http_method; content:"/files/martin1/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435925/; classtype:trojan-activity;sid:84299025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435922)"; flow:established,from_client; content:"GET"; http_method; content:"/files/lostrobotic/random.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435922/; classtype:trojan-activity;sid:84299022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435923)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7244183739/l5shrfh.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435923/; classtype:trojan-activity;sid:84299023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435920)"; flow:established,from_client; content:"GET"; http_method; content:"/files/osint1618/random.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435920/; classtype:trojan-activity;sid:84299020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435919)"; flow:established,from_client; content:"GET"; http_method; content:"/files/fate/random.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435919/; classtype:trojan-activity;sid:84299019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435913)"; flow:established,from_client; content:"GET"; http_method; content:"/files/rast333a/random.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435913/; classtype:trojan-activity;sid:84299013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435914)"; flow:established,from_client; content:"GET"; http_method; content:"/files/asjduwgsgausi/random.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435914/; classtype:trojan-activity;sid:84299014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435915)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5765828710/vigga8c.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435915/; classtype:trojan-activity;sid:84299015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435916)"; flow:established,from_client; content:"GET"; http_method; content:"/files/none/random.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435916/; classtype:trojan-activity;sid:84299016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435917)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1453454495/fe36xbk.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435917/; classtype:trojan-activity;sid:84299017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435910)"; flow:established,from_client; content:"GET"; http_method; content:"/last.ps1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"207.231.111.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435910/; classtype:trojan-activity;sid:84299010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435907)"; flow:established,from_client; content:"GET"; http_method; content:"/babskai/vir-s/raw/refs/heads/main/aaa%20(3).exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435907/; classtype:trojan-activity;sid:84299007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435905)"; flow:established,from_client; content:"GET"; http_method; content:"/779/sedw/seemybestthingstodowithbestgoinggood.hta"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"185.29.9.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435905/; classtype:trojan-activity;sid:84299005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.182.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435903/; classtype:trojan-activity;sid:84299003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435900)"; flow:established,from_client; content:"GET"; http_method; content:"/file/8377_9619.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"62.60.226.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435900/; classtype:trojan-activity;sid:84299000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435901)"; flow:established,from_client; content:"GET"; http_method; content:"/file/5903_4614.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"62.60.226.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435901/; classtype:trojan-activity;sid:84299001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435899)"; flow:established,from_client; content:"GET"; http_method; content:"/file/5689_4833.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"62.60.226.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435899/; classtype:trojan-activity;sid:84298999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435898)"; flow:established,from_client; content:"GET"; http_method; content:"/file/9358_8410.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"62.60.226.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435898/; classtype:trojan-activity;sid:84298998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.235.106.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435897/; classtype:trojan-activity;sid:84298997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.158.161.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435896/; classtype:trojan-activity;sid:84298996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.94.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435895/; classtype:trojan-activity;sid:84298995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.153.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435893/; classtype:trojan-activity;sid:84298993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.131.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435892/; classtype:trojan-activity;sid:84298992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.134.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435890/; classtype:trojan-activity;sid:84298990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.28.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435889/; classtype:trojan-activity;sid:84298989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435887)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.31.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435887/; classtype:trojan-activity;sid:84298987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435886)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.156.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435886/; classtype:trojan-activity;sid:84298986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.106.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435885/; classtype:trojan-activity;sid:84298985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.158.161.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435884/; classtype:trojan-activity;sid:84298984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.28.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435883/; classtype:trojan-activity;sid:84298983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.134.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435881/; classtype:trojan-activity;sid:84298981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435880/; classtype:trojan-activity;sid:84298980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.131.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435878/; classtype:trojan-activity;sid:84298978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.254.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435877/; classtype:trojan-activity;sid:84298977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.9.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435875/; classtype:trojan-activity;sid:84298975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.179.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435872/; classtype:trojan-activity;sid:84298972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435869/; classtype:trojan-activity;sid:84298969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435868)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.182.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435868/; classtype:trojan-activity;sid:84298968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.180.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435867/; classtype:trojan-activity;sid:84298967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.248.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435866/; classtype:trojan-activity;sid:84298966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.254.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435863/; classtype:trojan-activity;sid:84298963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.109.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435862/; classtype:trojan-activity;sid:84298962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.160.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435861/; classtype:trojan-activity;sid:84298961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.64.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435859/; classtype:trojan-activity;sid:84298959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435857)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"161.248.55.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435857/; classtype:trojan-activity;sid:84298957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.179.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435856/; classtype:trojan-activity;sid:84298956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.9.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435855/; classtype:trojan-activity;sid:84298955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.83.34.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435854/; classtype:trojan-activity;sid:84298954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.189.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435851/; classtype:trojan-activity;sid:84298951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.180.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435849/; classtype:trojan-activity;sid:84298949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.180.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435847/; classtype:trojan-activity;sid:84298947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.53.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435846/; classtype:trojan-activity;sid:84298946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435844)"; flow:established,from_client; content:"GET"; http_method; content:"/d/4prjrygx/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435844/; classtype:trojan-activity;sid:84298944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435842)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.14.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435842/; classtype:trojan-activity;sid:84298942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435840/; classtype:trojan-activity;sid:84298940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435839)"; flow:established,from_client; content:"GET"; http_method; content:"/imported/sukufxwo.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"bolsterflipgaming.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435839/; classtype:trojan-activity;sid:84298939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.64.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435833/; classtype:trojan-activity;sid:84298933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.255.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435830/; classtype:trojan-activity;sid:84298930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435828/; classtype:trojan-activity;sid:84298928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.146.92.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435826/; classtype:trojan-activity;sid:84298926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435825)"; flow:established,from_client; content:"GET"; http_method; content:"/api/file/get|3f|filekey=jzwehajpxkllzgzfhyvaqmaoenh1qwv8asen43rnh8wogqxgln5yggekh9ega97ggclxqg|7c|26|7c|pk_vid=342803d1cc4e3b801738882495b5fe9d"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"1008.filemail.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435825/; classtype:trojan-activity;sid:84298925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.53.250.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435824/; classtype:trojan-activity;sid:84298924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435820)"; flow:established,from_client; content:"GET"; http_method; content:"/rtpkyy.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435820/; classtype:trojan-activity;sid:84298920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.41.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435818/; classtype:trojan-activity;sid:84298918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435816)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.36.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435816/; classtype:trojan-activity;sid:84298916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.9.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435815/; classtype:trojan-activity;sid:84298915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.195.7.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435813/; classtype:trojan-activity;sid:84298913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.255.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435812/; classtype:trojan-activity;sid:84298912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.251.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435810/; classtype:trojan-activity;sid:84298910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.246.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435809/; classtype:trojan-activity;sid:84298909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.193.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435808/; classtype:trojan-activity;sid:84298908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.58.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435806/; classtype:trojan-activity;sid:84298906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.56.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435803/; classtype:trojan-activity;sid:84298903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.131.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435801/; classtype:trojan-activity;sid:84298901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.25.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435799/; classtype:trojan-activity;sid:84298899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435793/; classtype:trojan-activity;sid:84298893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.124.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435792/; classtype:trojan-activity;sid:84298892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435791)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.107.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435791/; classtype:trojan-activity;sid:84298891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.56.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435789/; classtype:trojan-activity;sid:84298889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.251.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435788/; classtype:trojan-activity;sid:84298888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.118.146.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435787/; classtype:trojan-activity;sid:84298887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.195.7.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435785/; classtype:trojan-activity;sid:84298885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.204.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435784/; classtype:trojan-activity;sid:84298884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.131.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435783/; classtype:trojan-activity;sid:84298883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.53.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435780/; classtype:trojan-activity;sid:84298880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.114.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435781/; classtype:trojan-activity;sid:84298881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.131.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435779/; classtype:trojan-activity;sid:84298879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.146.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435775/; classtype:trojan-activity;sid:84298875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.133.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435774/; classtype:trojan-activity;sid:84298874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.204.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435771/; classtype:trojan-activity;sid:84298871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.153.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435772/; classtype:trojan-activity;sid:84298872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.242.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435770/; classtype:trojan-activity;sid:84298870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.212.110.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435769/; classtype:trojan-activity;sid:84298869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.255.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435764/; classtype:trojan-activity;sid:84298864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.190.97.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435761/; classtype:trojan-activity;sid:84298861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.91.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435759/; classtype:trojan-activity;sid:84298859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435758/; classtype:trojan-activity;sid:84298858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.53.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435757/; classtype:trojan-activity;sid:84298857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.91.143.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435756/; classtype:trojan-activity;sid:84298856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.221.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435755/; classtype:trojan-activity;sid:84298855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.27.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435754/; classtype:trojan-activity;sid:84298854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.153.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435753/; classtype:trojan-activity;sid:84298853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.190.97.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435751/; classtype:trojan-activity;sid:84298851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.125.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435748/; classtype:trojan-activity;sid:84298848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435747/; classtype:trojan-activity;sid:84298847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.255.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435745/; classtype:trojan-activity;sid:84298845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435742/; classtype:trojan-activity;sid:84298842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.208.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435741/; classtype:trojan-activity;sid:84298841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.91.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435740/; classtype:trojan-activity;sid:84298840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.56.146.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435738/; classtype:trojan-activity;sid:84298838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.227.21.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435739/; classtype:trojan-activity;sid:84298839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.8.31.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435737/; classtype:trojan-activity;sid:84298837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.150.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435735/; classtype:trojan-activity;sid:84298835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.167.124.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435736/; classtype:trojan-activity;sid:84298836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"157.20.228.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435732/; classtype:trojan-activity;sid:84298832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.86.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435730/; classtype:trojan-activity;sid:84298830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.27.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435731/; classtype:trojan-activity;sid:84298831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435729/; classtype:trojan-activity;sid:84298829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435727/; classtype:trojan-activity;sid:84298827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.37.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435725/; classtype:trojan-activity;sid:84298825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.153.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435722/; classtype:trojan-activity;sid:84298822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.133.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435723/; classtype:trojan-activity;sid:84298823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.221.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435724/; classtype:trojan-activity;sid:84298824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.69.105.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435721/; classtype:trojan-activity;sid:84298821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.86.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435719/; classtype:trojan-activity;sid:84298819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435718)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.75.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435718/; classtype:trojan-activity;sid:84298818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.243.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435717/; classtype:trojan-activity;sid:84298817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.150.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435714/; classtype:trojan-activity;sid:84298814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.169.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435712/; classtype:trojan-activity;sid:84298812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.208.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435713/; classtype:trojan-activity;sid:84298813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.111.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435709/; classtype:trojan-activity;sid:84298809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.41.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435705/; classtype:trojan-activity;sid:84298805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.30.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435706/; classtype:trojan-activity;sid:84298806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.139.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435704/; classtype:trojan-activity;sid:84298804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.20.228.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435702/; classtype:trojan-activity;sid:84298802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.39.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435700/; classtype:trojan-activity;sid:84298800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.173.85.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435698/; classtype:trojan-activity;sid:84298798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.246.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435697/; classtype:trojan-activity;sid:84298797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.30.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435695/; classtype:trojan-activity;sid:84298795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.197.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435694/; classtype:trojan-activity;sid:84298794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.111.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435691/; classtype:trojan-activity;sid:84298791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.152.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435688/; classtype:trojan-activity;sid:84298788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.148.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435686/; classtype:trojan-activity;sid:84298786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.42.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435683/; classtype:trojan-activity;sid:84298783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.126.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435681/; classtype:trojan-activity;sid:84298781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.87.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435679/; classtype:trojan-activity;sid:84298779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.240.195.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435678/; classtype:trojan-activity;sid:84298778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.148.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435671/; classtype:trojan-activity;sid:84298771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.186.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435672/; classtype:trojan-activity;sid:84298772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.65.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435670/; classtype:trojan-activity;sid:84298770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.83.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435669/; classtype:trojan-activity;sid:84298769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.78.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435668/; classtype:trojan-activity;sid:84298768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.42.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435667/; classtype:trojan-activity;sid:84298767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.126.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435664/; classtype:trojan-activity;sid:84298764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.222.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435665/; classtype:trojan-activity;sid:84298765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.120.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435657/; classtype:trojan-activity;sid:84298757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435654)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"senbicaehgd.dns.army"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435654/; classtype:trojan-activity;sid:84298754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.186.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435651/; classtype:trojan-activity;sid:84298751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.75.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435650/; classtype:trojan-activity;sid:84298750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.2.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435649/; classtype:trojan-activity;sid:84298749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"99.216.8.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435605/; classtype:trojan-activity;sid:84298705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435602/; classtype:trojan-activity;sid:84298702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435601)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.134.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435601/; classtype:trojan-activity;sid:84298701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.167.124.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435600/; classtype:trojan-activity;sid:84298700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435596)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.180.244.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435596/; classtype:trojan-activity;sid:84298696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.16.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435594/; classtype:trojan-activity;sid:84298694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.232.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435593/; classtype:trojan-activity;sid:84298693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"187.13.169.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435592/; classtype:trojan-activity;sid:84298692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.188.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435591/; classtype:trojan-activity;sid:84298691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.116.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435589/; classtype:trojan-activity;sid:84298689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.131.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435587/; classtype:trojan-activity;sid:84298687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.128.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435585/; classtype:trojan-activity;sid:84298685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.75.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435582/; classtype:trojan-activity;sid:84298682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.121.0.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435581/; classtype:trojan-activity;sid:84298681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"99.216.8.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435579/; classtype:trojan-activity;sid:84298679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.193.56.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435578/; classtype:trojan-activity;sid:84298678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.180.244.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435573/; classtype:trojan-activity;sid:84298673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.188.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435570/; classtype:trojan-activity;sid:84298670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.7.159"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435566/; classtype:trojan-activity;sid:84298666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.79.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435564/; classtype:trojan-activity;sid:84298664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.128.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435563/; classtype:trojan-activity;sid:84298663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.13.169.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435559/; classtype:trojan-activity;sid:84298659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.58.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435558/; classtype:trojan-activity;sid:84298658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.56.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435556/; classtype:trojan-activity;sid:84298656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.74.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435551/; classtype:trojan-activity;sid:84298651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.180.244.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435547/; classtype:trojan-activity;sid:84298647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.127.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435545/; classtype:trojan-activity;sid:84298645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.88.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435544/; classtype:trojan-activity;sid:84298644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.79.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435541/; classtype:trojan-activity;sid:84298641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.43.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435539/; classtype:trojan-activity;sid:84298639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.119.182.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435536/; classtype:trojan-activity;sid:84298636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.135.249.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435535/; classtype:trojan-activity;sid:84298635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.74.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435533/; classtype:trojan-activity;sid:84298633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.74.120.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435528/; classtype:trojan-activity;sid:84298628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.151.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435523/; classtype:trojan-activity;sid:84298623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.114.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435521/; classtype:trojan-activity;sid:84298621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.43.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435519/; classtype:trojan-activity;sid:84298619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.37.119.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435516/; classtype:trojan-activity;sid:84298616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.74.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435515/; classtype:trojan-activity;sid:84298615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.135.249.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435513/; classtype:trojan-activity;sid:84298613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.54.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435504/; classtype:trojan-activity;sid:84298604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.51.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435503/; classtype:trojan-activity;sid:84298603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.59.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435496/; classtype:trojan-activity;sid:84298596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.25.183"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435491/; classtype:trojan-activity;sid:84298591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.37.119.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435490/; classtype:trojan-activity;sid:84298590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.184.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435488/; classtype:trojan-activity;sid:84298588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.77.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435483/; classtype:trojan-activity;sid:84298583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.186.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435482/; classtype:trojan-activity;sid:84298582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.92.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435480/; classtype:trojan-activity;sid:84298580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.101.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435477/; classtype:trojan-activity;sid:84298577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.36.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435476/; classtype:trojan-activity;sid:84298576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.151.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435469/; classtype:trojan-activity;sid:84298569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.184.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435468/; classtype:trojan-activity;sid:84298568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.235.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435467/; classtype:trojan-activity;sid:84298567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.77.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435463/; classtype:trojan-activity;sid:84298563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.92.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435462/; classtype:trojan-activity;sid:84298562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.186.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435460/; classtype:trojan-activity;sid:84298560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.219.45.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435458/; classtype:trojan-activity;sid:84298558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.173.85.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435456/; classtype:trojan-activity;sid:84298556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.152.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435455/; classtype:trojan-activity;sid:84298555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.153.214.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435454/; classtype:trojan-activity;sid:84298554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.49.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435452/; classtype:trojan-activity;sid:84298552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.235.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435449/; classtype:trojan-activity;sid:84298549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435433)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.247.92.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435433/; classtype:trojan-activity;sid:84298533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.140.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435430/; classtype:trojan-activity;sid:84298530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.182.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435429/; classtype:trojan-activity;sid:84298529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.234.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435428/; classtype:trojan-activity;sid:84298528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.113.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435427/; classtype:trojan-activity;sid:84298527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.183.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435426/; classtype:trojan-activity;sid:84298526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.140.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435425/; classtype:trojan-activity;sid:84298525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.54.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435424/; classtype:trojan-activity;sid:84298524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435423/; classtype:trojan-activity;sid:84298523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.153.214.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435422/; classtype:trojan-activity;sid:84298522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.208.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435421/; classtype:trojan-activity;sid:84298521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.63.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435420/; classtype:trojan-activity;sid:84298520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435419)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.182.77.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435419/; classtype:trojan-activity;sid:84298519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.49.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435417/; classtype:trojan-activity;sid:84298517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.188.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435418/; classtype:trojan-activity;sid:84298518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"169.224.101.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435416/; classtype:trojan-activity;sid:84298516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.120.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435415/; classtype:trojan-activity;sid:84298515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.153.210.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435414/; classtype:trojan-activity;sid:84298514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.32.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435413/; classtype:trojan-activity;sid:84298513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.236.23.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435411/; classtype:trojan-activity;sid:84298511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.88.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435412/; classtype:trojan-activity;sid:84298512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.220.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435410/; classtype:trojan-activity;sid:84298510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.182.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435409/; classtype:trojan-activity;sid:84298509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.15.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435408/; classtype:trojan-activity;sid:84298508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.30.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435407/; classtype:trojan-activity;sid:84298507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.208.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435406/; classtype:trojan-activity;sid:84298506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435405/; classtype:trojan-activity;sid:84298505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435404)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.114.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435404/; classtype:trojan-activity;sid:84298504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.227.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435403/; classtype:trojan-activity;sid:84298503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.20.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435402/; classtype:trojan-activity;sid:84298502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.120.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435401/; classtype:trojan-activity;sid:84298501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.30.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435400/; classtype:trojan-activity;sid:84298500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.110.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435399/; classtype:trojan-activity;sid:84298499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.68.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435398/; classtype:trojan-activity;sid:84298498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.88.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435397/; classtype:trojan-activity;sid:84298497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435396/; classtype:trojan-activity;sid:84298496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.169.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435395/; classtype:trojan-activity;sid:84298495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.131.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435394/; classtype:trojan-activity;sid:84298494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.15.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435393/; classtype:trojan-activity;sid:84298493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.54.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435392/; classtype:trojan-activity;sid:84298492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.236.23.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435391/; classtype:trojan-activity;sid:84298491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.67.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435390/; classtype:trojan-activity;sid:84298490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.102.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435389/; classtype:trojan-activity;sid:84298489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.65.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435385/; classtype:trojan-activity;sid:84298485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.36.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435386/; classtype:trojan-activity;sid:84298486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.145.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435387/; classtype:trojan-activity;sid:84298487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.60.225.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435388/; classtype:trojan-activity;sid:84298488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.233.148.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435383/; classtype:trojan-activity;sid:84298483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.97.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435384/; classtype:trojan-activity;sid:84298484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.81.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435382/; classtype:trojan-activity;sid:84298482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.37.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435381/; classtype:trojan-activity;sid:84298481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.94.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435380/; classtype:trojan-activity;sid:84298480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435379)"; flow:established,from_client; content:"GET"; http_method; content:"/1.bat"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"www.feedback35467.biz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435379/; classtype:trojan-activity;sid:84298479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435372)"; flow:established,from_client; content:"GET"; http_method; content:"/1.bat"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"79.110.49.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435372/; classtype:trojan-activity;sid:84298472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435373)"; flow:established,from_client; content:"GET"; http_method; content:"/loli.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.110.49.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435373/; classtype:trojan-activity;sid:84298473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435374)"; flow:established,from_client; content:"GET"; http_method; content:"/1.apk"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"79.110.49.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435374/; classtype:trojan-activity;sid:84298474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435375)"; flow:established,from_client; content:"GET"; http_method; content:"/1.apk"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"www.feedback35467.biz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435375/; classtype:trojan-activity;sid:84298475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435376)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"www.feedback35467.biz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435376/; classtype:trojan-activity;sid:84298476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435377)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"79.110.49.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435377/; classtype:trojan-activity;sid:84298477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435378)"; flow:established,from_client; content:"GET"; http_method; content:"/loli.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.feedback35467.biz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435378/; classtype:trojan-activity;sid:84298478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.179.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435371/; classtype:trojan-activity;sid:84298471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.242.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435370/; classtype:trojan-activity;sid:84298470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435369)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.125.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435369/; classtype:trojan-activity;sid:84298469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435368)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.92.81.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435368/; classtype:trojan-activity;sid:84298468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.2.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435367/; classtype:trojan-activity;sid:84298467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.131.92.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435366/; classtype:trojan-activity;sid:84298466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435361)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.134.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435361/; classtype:trojan-activity;sid:84298461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435362)"; flow:established,from_client; content:"GET"; http_method; content:"/4.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.134.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435362/; classtype:trojan-activity;sid:84298462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435363)"; flow:established,from_client; content:"GET"; http_method; content:"/windowsupdate3.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.65.134.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435363/; classtype:trojan-activity;sid:84298463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435364)"; flow:established,from_client; content:"GET"; http_method; content:"/windowsupdate5.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.65.134.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435364/; classtype:trojan-activity;sid:84298464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.94.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435365/; classtype:trojan-activity;sid:84298465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435352)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.134.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435352/; classtype:trojan-activity;sid:84298452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435353)"; flow:established,from_client; content:"GET"; http_method; content:"/windowsupdate1.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.65.134.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435353/; classtype:trojan-activity;sid:84298453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435354)"; flow:established,from_client; content:"GET"; http_method; content:"/parel.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.134.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435354/; classtype:trojan-activity;sid:84298454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435355)"; flow:established,from_client; content:"GET"; http_method; content:"/windowsupdate2.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.65.134.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435355/; classtype:trojan-activity;sid:84298455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435356)"; flow:established,from_client; content:"GET"; http_method; content:"/windowsupdate4.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.65.134.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435356/; classtype:trojan-activity;sid:84298456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435357)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.134.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435357/; classtype:trojan-activity;sid:84298457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435358)"; flow:established,from_client; content:"GET"; http_method; content:"/5.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.134.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435358/; classtype:trojan-activity;sid:84298458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435359)"; flow:established,from_client; content:"GET"; http_method; content:"/windowsupdatefud1.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.134.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435359/; classtype:trojan-activity;sid:84298459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435360)"; flow:established,from_client; content:"GET"; http_method; content:"/winreg.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.134.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435360/; classtype:trojan-activity;sid:84298460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435351)"; flow:established,from_client; content:"GET"; http_method; content:"/wmiworking.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.134.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435351/; classtype:trojan-activity;sid:84298451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.67.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435350/; classtype:trojan-activity;sid:84298450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.231.30.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435348/; classtype:trojan-activity;sid:84298448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.66.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435349/; classtype:trojan-activity;sid:84298449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.81.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435347/; classtype:trojan-activity;sid:84298447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.144.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435346/; classtype:trojan-activity;sid:84298446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.68.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435345/; classtype:trojan-activity;sid:84298445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.98.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435344/; classtype:trojan-activity;sid:84298444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.37.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435343/; classtype:trojan-activity;sid:84298443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.100.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435341/; classtype:trojan-activity;sid:84298441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.94.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435342/; classtype:trojan-activity;sid:84298442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.7.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435340/; classtype:trojan-activity;sid:84298440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.34.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435339/; classtype:trojan-activity;sid:84298439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435337)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.192.195.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435337/; classtype:trojan-activity;sid:84298437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435338)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.71.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435338/; classtype:trojan-activity;sid:84298438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.4.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435336/; classtype:trojan-activity;sid:84298436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.2.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435335/; classtype:trojan-activity;sid:84298435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.63.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435334/; classtype:trojan-activity;sid:84298434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.46.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435333/; classtype:trojan-activity;sid:84298433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.169.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435332/; classtype:trojan-activity;sid:84298432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.7.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435331/; classtype:trojan-activity;sid:84298431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.88.81.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435330/; classtype:trojan-activity;sid:84298430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.203.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435329/; classtype:trojan-activity;sid:84298429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.100.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435328/; classtype:trojan-activity;sid:84298428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.208.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435327/; classtype:trojan-activity;sid:84298427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.174.154.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435326/; classtype:trojan-activity;sid:84298426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.179.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435324/; classtype:trojan-activity;sid:84298424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.44.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435325/; classtype:trojan-activity;sid:84298425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.178.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435323/; classtype:trojan-activity;sid:84298423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.4.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435321/; classtype:trojan-activity;sid:84298421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.0.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435322/; classtype:trojan-activity;sid:84298422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.167.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435320/; classtype:trojan-activity;sid:84298420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.231.30.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435319/; classtype:trojan-activity;sid:84298419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.117.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435318/; classtype:trojan-activity;sid:84298418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.63.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435315/; classtype:trojan-activity;sid:84298415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.169.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435316/; classtype:trojan-activity;sid:84298416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.46.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435317/; classtype:trojan-activity;sid:84298417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.15.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435314/; classtype:trojan-activity;sid:84298414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.88.81.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435313/; classtype:trojan-activity;sid:84298413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.174.154.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435312/; classtype:trojan-activity;sid:84298412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.232.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435311/; classtype:trojan-activity;sid:84298411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.151.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435310/; classtype:trojan-activity;sid:84298410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.178.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435309/; classtype:trojan-activity;sid:84298409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.183.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435308/; classtype:trojan-activity;sid:84298408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.144.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435307/; classtype:trojan-activity;sid:84298407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.170.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435306/; classtype:trojan-activity;sid:84298406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.142.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435305/; classtype:trojan-activity;sid:84298405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.167.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435304/; classtype:trojan-activity;sid:84298404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.25.210.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435303/; classtype:trojan-activity;sid:84298403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.4.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435302/; classtype:trojan-activity;sid:84298402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.227.7.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435301/; classtype:trojan-activity;sid:84298401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435299)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435299/; classtype:trojan-activity;sid:84298399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435300)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.58.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435300/; classtype:trojan-activity;sid:84298400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.94.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435298/; classtype:trojan-activity;sid:84298398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.254.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435297/; classtype:trojan-activity;sid:84298397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.239.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435296/; classtype:trojan-activity;sid:84298396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.232.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435295/; classtype:trojan-activity;sid:84298395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.228.134.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435294/; classtype:trojan-activity;sid:84298394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.93.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435293/; classtype:trojan-activity;sid:84298393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.248.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435292/; classtype:trojan-activity;sid:84298392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.101.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435291/; classtype:trojan-activity;sid:84298391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.228.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435290/; classtype:trojan-activity;sid:84298390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.44.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435289/; classtype:trojan-activity;sid:84298389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.210.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435288/; classtype:trojan-activity;sid:84298388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.142.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435287/; classtype:trojan-activity;sid:84298387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.194.55.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435285/; classtype:trojan-activity;sid:84298385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.93.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435286/; classtype:trojan-activity;sid:84298386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.147.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435284/; classtype:trojan-activity;sid:84298384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.124.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435283/; classtype:trojan-activity;sid:84298383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.170.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435282/; classtype:trojan-activity;sid:84298382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.235.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435281/; classtype:trojan-activity;sid:84298381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.153.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435280/; classtype:trojan-activity;sid:84298380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.0.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435279/; classtype:trojan-activity;sid:84298379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.210.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435278/; classtype:trojan-activity;sid:84298378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.185.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435277/; classtype:trojan-activity;sid:84298377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.194.55.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435276/; classtype:trojan-activity;sid:84298376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.183.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435274/; classtype:trojan-activity;sid:84298374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.147.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435275/; classtype:trojan-activity;sid:84298375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.142.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435273/; classtype:trojan-activity;sid:84298373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.124.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435272/; classtype:trojan-activity;sid:84298372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435271/; classtype:trojan-activity;sid:84298371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.4.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435270/; classtype:trojan-activity;sid:84298370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.40.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435269/; classtype:trojan-activity;sid:84298369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.74.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435268/; classtype:trojan-activity;sid:84298368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435267)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.13.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435267/; classtype:trojan-activity;sid:84298367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.207.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435266/; classtype:trojan-activity;sid:84298366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.74.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435265/; classtype:trojan-activity;sid:84298365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435264/; classtype:trojan-activity;sid:84298364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.107.12.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435263/; classtype:trojan-activity;sid:84298363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435262/; classtype:trojan-activity;sid:84298362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435261)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.171.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435261/; classtype:trojan-activity;sid:84298361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.155.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435260/; classtype:trojan-activity;sid:84298360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.207.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435259/; classtype:trojan-activity;sid:84298359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435258)"; flow:established,from_client; content:"GET"; http_method; content:"/322/meco/sweetnessgoodforbestthingsgetbackmegood.hta"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"107.175.130.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435258/; classtype:trojan-activity;sid:84298358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.15.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435257/; classtype:trojan-activity;sid:84298357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.0.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435255/; classtype:trojan-activity;sid:84298355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435256)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/fbo/seethebestthingstogetbacksheisbeautifulgirl.gif"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"192.3.193.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435256/; classtype:trojan-activity;sid:84298356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435254)"; flow:established,from_client; content:"GET"; http_method; content:"/540/seemethebestthingswithgivenuwithmygirlfriendsheis.gif"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"217.160.163.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435254/; classtype:trojan-activity;sid:84298354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.193.63.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435252/; classtype:trojan-activity;sid:84298352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.154.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435253/; classtype:trojan-activity;sid:84298353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.12.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435251/; classtype:trojan-activity;sid:84298351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.159.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435250/; classtype:trojan-activity;sid:84298350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435249)"; flow:established,from_client; content:"GET"; http_method; content:"/txt/rhlwwl4gartmle7.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"weixe.ir"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435249/; classtype:trojan-activity;sid:84298349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.148.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435248/; classtype:trojan-activity;sid:84298348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.235.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435247/; classtype:trojan-activity;sid:84298347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435246/; classtype:trojan-activity;sid:84298346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.4.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435245/; classtype:trojan-activity;sid:84298345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.155.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435244/; classtype:trojan-activity;sid:84298344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435243)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.unmovable.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435243/; classtype:trojan-activity;sid:84298343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.59.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435242/; classtype:trojan-activity;sid:84298342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.28.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435241/; classtype:trojan-activity;sid:84298341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435240)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.5.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435240/; classtype:trojan-activity;sid:84298340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.0.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435239/; classtype:trojan-activity;sid:84298339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.193.63.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435238/; classtype:trojan-activity;sid:84298338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435237/; classtype:trojan-activity;sid:84298337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.73.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435235/; classtype:trojan-activity;sid:84298335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.0.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435236/; classtype:trojan-activity;sid:84298336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.227.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435234/; classtype:trojan-activity;sid:84298334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.96.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435233/; classtype:trojan-activity;sid:84298333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.67.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435232/; classtype:trojan-activity;sid:84298332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435231)"; flow:established,from_client; content:"GET"; http_method; content:"/35/createdbetterthingswithbestgoodthings.gif"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"172.245.123.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435231/; classtype:trojan-activity;sid:84298331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435230)"; flow:established,from_client; content:"GET"; http_method; content:"/filz/setsetup.msi"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"windowssecurefileeditor.digital"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435230/; classtype:trojan-activity;sid:84298330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435229)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/document1026857.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"windowssecurefileeditor.digital"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435229/; classtype:trojan-activity;sid:84298329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435228)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.swung.site"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435228/; classtype:trojan-activity;sid:84298328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.103.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435227/; classtype:trojan-activity;sid:84298327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435226)"; flow:established,from_client; content:"GET"; http_method; content:"/d%e1%bb%8bchv%e1%bb%a5c%c3%b4ng.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"congdichvu.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435226/; classtype:trojan-activity;sid:84298326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.67.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435225/; classtype:trojan-activity;sid:84298325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435224)"; flow:established,from_client; content:"GET"; http_method; content:"/filz/setsetup.msi"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"147.45.221.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435224/; classtype:trojan-activity;sid:84298324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435223)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/document1026857.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"147.45.221.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435223/; classtype:trojan-activity;sid:84298323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435221)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/document1026857.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"burnfatandfast.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435221/; classtype:trojan-activity;sid:84298321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435222)"; flow:established,from_client; content:"GET"; http_method; content:"/filz/setsetup.msi"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"burnfatandfast.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435222/; classtype:trojan-activity;sid:84298322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.153.210.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435220/; classtype:trojan-activity;sid:84298320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.100.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435219/; classtype:trojan-activity;sid:84298319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.154.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435218/; classtype:trojan-activity;sid:84298318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435217)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.158.161.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435217/; classtype:trojan-activity;sid:84298317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435216)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.213.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435216/; classtype:trojan-activity;sid:84298316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435215)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"strosom.soniarocha.blog"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435215/; classtype:trojan-activity;sid:84298315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435214)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/memjpdc.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435214/; classtype:trojan-activity;sid:84298314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435211)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/kjgjgfs.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435211/; classtype:trojan-activity;sid:84298311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435212)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/knarmmd.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435212/; classtype:trojan-activity;sid:84298312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435213)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/ijipejb.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435213/; classtype:trojan-activity;sid:84298313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435210/; classtype:trojan-activity;sid:84298310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435209)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.178.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435209/; classtype:trojan-activity;sid:84298309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435201)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.9.254.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435201/; classtype:trojan-activity;sid:84298301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435202)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.149.141.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435202/; classtype:trojan-activity;sid:84298302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435203)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.8.116.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435203/; classtype:trojan-activity;sid:84298303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435204)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/sjofbrd.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435204/; classtype:trojan-activity;sid:84298304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435205)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"104.129.181.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435205/; classtype:trojan-activity;sid:84298305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435206)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.127.34.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435206/; classtype:trojan-activity;sid:84298306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435207)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.37.247.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435207/; classtype:trojan-activity;sid:84298307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435208)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"159.75.164.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435208/; classtype:trojan-activity;sid:84298308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435199)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.153.79.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435199/; classtype:trojan-activity;sid:84298299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435200)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"23.106.153.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435200/; classtype:trojan-activity;sid:84298300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435198)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"37.221.67.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435198/; classtype:trojan-activity;sid:84298298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.243.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435197/; classtype:trojan-activity;sid:84298297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435196)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.opossum.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435196/; classtype:trojan-activity;sid:84298296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.238.189.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435195/; classtype:trojan-activity;sid:84298295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.150.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435194/; classtype:trojan-activity;sid:84298294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.21.182"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435193/; classtype:trojan-activity;sid:84298293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435192)"; flow:established,from_client; content:"GET"; http_method; content:"/test/amnew.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435192/; classtype:trojan-activity;sid:84298292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.0.216.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435191/; classtype:trojan-activity;sid:84298291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.245.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435189/; classtype:trojan-activity;sid:84298289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.231.154.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435190/; classtype:trojan-activity;sid:84298290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435186)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435186/; classtype:trojan-activity;sid:84298286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.25.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435187/; classtype:trojan-activity;sid:84298287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435188)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.220.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435188/; classtype:trojan-activity;sid:84298288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435185)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.5.10.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435185/; classtype:trojan-activity;sid:84298285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.105.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435184/; classtype:trojan-activity;sid:84298284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.16.28"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435183/; classtype:trojan-activity;sid:84298283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435182)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.120.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435182/; classtype:trojan-activity;sid:84298282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.105.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435181/; classtype:trojan-activity;sid:84298281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.243.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435180/; classtype:trojan-activity;sid:84298280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435179)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1506757897/tyliuwv.ps1"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435179/; classtype:trojan-activity;sid:84298279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435174)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5765828710/vigga8c.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435174/; classtype:trojan-activity;sid:84298274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435175)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6875802221/ryu8yux.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435175/; classtype:trojan-activity;sid:84298275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435176)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8029815729/ow6ecgg.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435176/; classtype:trojan-activity;sid:84298276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435177)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5801179114/un8qxiq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435177/; classtype:trojan-activity;sid:84298277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435178)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7644806746/jonbdes.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435178/; classtype:trojan-activity;sid:84298278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435173)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6640190236/msccqms.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435173/; classtype:trojan-activity;sid:84298273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.150.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435172/; classtype:trojan-activity;sid:84298272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.55.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435171/; classtype:trojan-activity;sid:84298271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435167)"; flow:established,from_client; content:"GET"; http_method; content:"/iluxa94/-3-/refs/heads/main/%d0%a4%d0%be%d1%80%d0%bc%d0%b0%203%d0%9e%d0%a8%d0%91%d0%a0.exe"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435167/; classtype:trojan-activity;sid:84298267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435168)"; flow:established,from_client; content:"GET"; http_method; content:"/topg6565767677/image/refs/heads/main/runtime.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435168/; classtype:trojan-activity;sid:84298268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435170)"; flow:established,from_client; content:"GET"; http_method; content:"/neo23x0/signature-base/archive/master.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435170/; classtype:trojan-activity;sid:84298270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435164)"; flow:established,from_client; content:"GET"; http_method; content:"/bublegumle/hyh/raw/master/server.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435164/; classtype:trojan-activity;sid:84298264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435165)"; flow:established,from_client; content:"GET"; http_method; content:"/honkshefter/sundshefter/raw/refs/heads/main/winx32.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435165/; classtype:trojan-activity;sid:84298265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435156)"; flow:established,from_client; content:"GET"; http_method; content:"/simon990520/am/raw/refs/heads/main/am.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435156/; classtype:trojan-activity;sid:84298256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435153)"; flow:established,from_client; content:"GET"; http_method; content:"/serverenvio.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"pfwpifjwifksdfwjrfojnefoksorf5.duckdns.org"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435153/; classtype:trojan-activity;sid:84298253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435152)"; flow:established,from_client; content:"GET"; http_method; content:"/35/cnmo/createdbetterthingswithbestgoodthings.hta"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"172.245.123.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435152/; classtype:trojan-activity;sid:84298252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435151)"; flow:established,from_client; content:"GET"; http_method; content:"/acfy/cpdb/raw/main/cpdb.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435151/; classtype:trojan-activity;sid:84298251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435150)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.alienable.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435150/; classtype:trojan-activity;sid:84298250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435149)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.banking1.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435149/; classtype:trojan-activity;sid:84298249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435148)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.cesspool.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435148/; classtype:trojan-activity;sid:84298248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435147)"; flow:established,from_client; content:"GET"; http_method; content:"/x/irq2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dcp227.neoplus.adsl.tpnet.pl"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435147/; classtype:trojan-activity;sid:84298247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435145)"; flow:established,from_client; content:"GET"; http_method; content:"/x/irq0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dcp227.neoplus.adsl.tpnet.pl"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435145/; classtype:trojan-activity;sid:84298245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435146)"; flow:established,from_client; content:"GET"; http_method; content:"/x/irq1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dcp227.neoplus.adsl.tpnet.pl"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435146/; classtype:trojan-activity;sid:84298246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435144)"; flow:established,from_client; content:"GET"; http_method; content:"/x/pty"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dcp227.neoplus.adsl.tpnet.pl"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435144/; classtype:trojan-activity;sid:84298244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435143)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"101.32.40.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435143/; classtype:trojan-activity;sid:84298243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435142)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"161.35.127.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435142/; classtype:trojan-activity;sid:84298242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.150.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435141/; classtype:trojan-activity;sid:84298241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435139)"; flow:established,from_client; content:"GET"; http_method; content:"/arm77"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.98.11.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435139/; classtype:trojan-activity;sid:84298239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435140)"; flow:established,from_client; content:"GET"; http_method; content:"/s"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"141.98.11.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435140/; classtype:trojan-activity;sid:84298240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435138)"; flow:established,from_client; content:"GET"; http_method; content:"/z/xaxoa"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.98.11.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435138/; classtype:trojan-activity;sid:84298238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435137)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.196.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435137/; classtype:trojan-activity;sid:84298237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435136)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.182.112.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435136/; classtype:trojan-activity;sid:84298236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435133)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.242.233.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435133/; classtype:trojan-activity;sid:84298233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435134)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.210.150.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435134/; classtype:trojan-activity;sid:84298234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435135)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.172.150.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435135/; classtype:trojan-activity;sid:84298235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435128)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.113.225.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435128/; classtype:trojan-activity;sid:84298228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435129)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.88.42.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435129/; classtype:trojan-activity;sid:84298229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435130)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.160.10.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435130/; classtype:trojan-activity;sid:84298230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435131)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.113.225.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435131/; classtype:trojan-activity;sid:84298231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435132)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.172.150.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435132/; classtype:trojan-activity;sid:84298232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435121)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.99.91.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435121/; classtype:trojan-activity;sid:84298221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435122)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.83.72.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435122/; classtype:trojan-activity;sid:84298222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435123)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.66.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435123/; classtype:trojan-activity;sid:84298223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435124)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"105.184.94.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435124/; classtype:trojan-activity;sid:84298224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435125)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.66.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435125/; classtype:trojan-activity;sid:84298225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435126)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.3.100.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435126/; classtype:trojan-activity;sid:84298226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435127)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.237.133.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435127/; classtype:trojan-activity;sid:84298227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435117)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.182.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435117/; classtype:trojan-activity;sid:84298217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435118)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.139.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435118/; classtype:trojan-activity;sid:84298218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435119)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.205.236.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435119/; classtype:trojan-activity;sid:84298219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435120)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"149.210.44.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435120/; classtype:trojan-activity;sid:84298220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435116)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.51.247.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435116/; classtype:trojan-activity;sid:84298216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435115/; classtype:trojan-activity;sid:84298215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435112)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"rolimonss.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435112/; classtype:trojan-activity;sid:84298212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.240.8.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435113/; classtype:trojan-activity;sid:84298213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.86.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435114/; classtype:trojan-activity;sid:84298214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435111)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"rolimonss.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435111/; classtype:trojan-activity;sid:84298211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.144.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435108/; classtype:trojan-activity;sid:84298208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.75.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435109/; classtype:trojan-activity;sid:84298209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.106.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435110/; classtype:trojan-activity;sid:84298210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.150.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435107/; classtype:trojan-activity;sid:84298207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.153.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435106/; classtype:trojan-activity;sid:84298206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.159.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435105/; classtype:trojan-activity;sid:84298205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.247.162.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435095/; classtype:trojan-activity;sid:84298195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.160.164.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435096/; classtype:trojan-activity;sid:84298196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.235.253.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435097/; classtype:trojan-activity;sid:84298197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.235.228.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435098/; classtype:trojan-activity;sid:84298198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.235.243.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435099/; classtype:trojan-activity;sid:84298199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.132.20.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435100/; classtype:trojan-activity;sid:84298200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.198.223.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435101/; classtype:trojan-activity;sid:84298201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.235.217.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435102/; classtype:trojan-activity;sid:84298202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.243.218.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435103/; classtype:trojan-activity;sid:84298203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.235.204.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435104/; classtype:trojan-activity;sid:84298204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.208.60.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435088/; classtype:trojan-activity;sid:84298188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.70.146.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435089/; classtype:trojan-activity;sid:84298189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.32.15.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435090/; classtype:trojan-activity;sid:84298190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.230.194.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435091/; classtype:trojan-activity;sid:84298191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.208.153.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435092/; classtype:trojan-activity;sid:84298192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.26.216.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435093/; classtype:trojan-activity;sid:84298193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.38.64.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435094/; classtype:trojan-activity;sid:84298194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.43.201.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435082/; classtype:trojan-activity;sid:84298182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.93.26.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435083/; classtype:trojan-activity;sid:84298183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.204.104.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435084/; classtype:trojan-activity;sid:84298184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.231.115.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435085/; classtype:trojan-activity;sid:84298185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.131.125.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435086/; classtype:trojan-activity;sid:84298186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.141.244.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435087/; classtype:trojan-activity;sid:84298187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.131.109.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435076/; classtype:trojan-activity;sid:84298176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.170.168.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435077/; classtype:trojan-activity;sid:84298177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.188.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435078/; classtype:trojan-activity;sid:84298178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.82.130.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435079/; classtype:trojan-activity;sid:84298179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435080/; classtype:trojan-activity;sid:84298180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.6.130.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435081/; classtype:trojan-activity;sid:84298181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.158.88.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435075/; classtype:trojan-activity;sid:84298175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435074)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"146.19.207.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435074/; classtype:trojan-activity;sid:84298174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435070)"; flow:established,from_client; content:"GET"; http_method; content:"/gyugtp.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"146.19.207.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435070/; classtype:trojan-activity;sid:84298170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435071)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"146.19.207.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435071/; classtype:trojan-activity;sid:84298171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435072)"; flow:established,from_client; content:"GET"; http_method; content:"/roli.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"146.19.207.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435072/; classtype:trojan-activity;sid:84298172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435073)"; flow:established,from_client; content:"GET"; http_method; content:"/tradingbot482.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"146.19.207.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435073/; classtype:trojan-activity;sid:84298173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435069)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoft.bat"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"146.19.207.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435069/; classtype:trojan-activity;sid:84298169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435068)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.103.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435068/; classtype:trojan-activity;sid:84298168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.100.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435067/; classtype:trojan-activity;sid:84298167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.120.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435066/; classtype:trojan-activity;sid:84298166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.240.8.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435065/; classtype:trojan-activity;sid:84298165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.18.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435064/; classtype:trojan-activity;sid:84298164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.78.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435063/; classtype:trojan-activity;sid:84298163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435062)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"23.158.56.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435062/; classtype:trojan-activity;sid:84298162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435061)"; flow:established,from_client; content:"GET"; http_method; content:"/r"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"cioudfiare.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435061/; classtype:trojan-activity;sid:84298161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435060)"; flow:established,from_client; content:"GET"; http_method; content:"/verify"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cioudfiare.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435060/; classtype:trojan-activity;sid:84298160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.4.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435059/; classtype:trojan-activity;sid:84298159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.28.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435056/; classtype:trojan-activity;sid:84298156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.153.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435057/; classtype:trojan-activity;sid:84298157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.109.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435058/; classtype:trojan-activity;sid:84298158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435054/; classtype:trojan-activity;sid:84298154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.23.157.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435055/; classtype:trojan-activity;sid:84298155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.65.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435053/; classtype:trojan-activity;sid:84298153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435052)"; flow:established,from_client; content:"GET"; http_method; content:"/load/xclient.vbs"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"lolz.mosco.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435052/; classtype:trojan-activity;sid:84298152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.113.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435049/; classtype:trojan-activity;sid:84298149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.211.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435050/; classtype:trojan-activity;sid:84298150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.112.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435051/; classtype:trojan-activity;sid:84298151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435046)"; flow:established,from_client; content:"GET"; http_method; content:"/folder/squarespace.bat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.88.186.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435046/; classtype:trojan-activity;sid:84298146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435047)"; flow:established,from_client; content:"GET"; http_method; content:"/folder/bitvice.bat"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.88.186.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435047/; classtype:trojan-activity;sid:84298147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435048)"; flow:established,from_client; content:"GET"; http_method; content:"/folder/bahrwa.bat"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.88.186.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435048/; classtype:trojan-activity;sid:84298148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435045)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"kick.bh"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435045/; classtype:trojan-activity;sid:84298145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435039)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"45.88.186.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435039/; classtype:trojan-activity;sid:84298139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435040)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"195.211.190.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435040/; classtype:trojan-activity;sid:84298140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435041)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"195.211.190.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435041/; classtype:trojan-activity;sid:84298141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435042)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"rumble.tube"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435042/; classtype:trojan-activity;sid:84298142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435043)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"twitch.tj"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435043/; classtype:trojan-activity;sid:84298143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435044)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"twitch.tj"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435044/; classtype:trojan-activity;sid:84298144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.98.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435038/; classtype:trojan-activity;sid:84298138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.20.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435037/; classtype:trojan-activity;sid:84298137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.62.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435036/; classtype:trojan-activity;sid:84298136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435035)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"45.88.186.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435035/; classtype:trojan-activity;sid:84298135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435032)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435032/; classtype:trojan-activity;sid:84298132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435033)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435033/; classtype:trojan-activity;sid:84298133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435034)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435034/; classtype:trojan-activity;sid:84298134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435004)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435004/; classtype:trojan-activity;sid:84298104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435005)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435005/; classtype:trojan-activity;sid:84298105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435006)"; flow:established,from_client; content:"GET"; http_method; content:"/mass.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435006/; classtype:trojan-activity;sid:84298106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435007)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435007/; classtype:trojan-activity;sid:84298107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435008)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435008/; classtype:trojan-activity;sid:84298108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435009)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435009/; classtype:trojan-activity;sid:84298109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435010)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435010/; classtype:trojan-activity;sid:84298110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435011)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435011/; classtype:trojan-activity;sid:84298111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435012)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435012/; classtype:trojan-activity;sid:84298112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435013)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435013/; classtype:trojan-activity;sid:84298113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435014)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435014/; classtype:trojan-activity;sid:84298114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435015)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435015/; classtype:trojan-activity;sid:84298115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435016)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435016/; classtype:trojan-activity;sid:84298116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435017)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435017/; classtype:trojan-activity;sid:84298117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435018)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435018/; classtype:trojan-activity;sid:84298118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435019)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435019/; classtype:trojan-activity;sid:84298119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435020)"; flow:established,from_client; content:"GET"; http_method; content:"/create.py"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435020/; classtype:trojan-activity;sid:84298120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435021)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435021/; classtype:trojan-activity;sid:84298121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435022)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435022/; classtype:trojan-activity;sid:84298122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435023)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435023/; classtype:trojan-activity;sid:84298123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435024)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435024/; classtype:trojan-activity;sid:84298124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435025)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435025/; classtype:trojan-activity;sid:84298125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435026)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435026/; classtype:trojan-activity;sid:84298126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435027)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435027/; classtype:trojan-activity;sid:84298127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435028)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435028/; classtype:trojan-activity;sid:84298128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435029)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435029/; classtype:trojan-activity;sid:84298129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435030)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435030/; classtype:trojan-activity;sid:84298130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435031)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435031/; classtype:trojan-activity;sid:84298131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435001)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435001/; classtype:trojan-activity;sid:84298101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435002)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435002/; classtype:trojan-activity;sid:84298102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435003)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435003/; classtype:trojan-activity;sid:84298103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.209.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435000/; classtype:trojan-activity;sid:84298100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.153.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434999/; classtype:trojan-activity;sid:84298099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.18.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434998/; classtype:trojan-activity;sid:84298098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434997)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"106.56.125.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434997/; classtype:trojan-activity;sid:84298097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.22.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434996/; classtype:trojan-activity;sid:84298096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.238.189.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434994/; classtype:trojan-activity;sid:84298094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434995)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.167.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434995/; classtype:trojan-activity;sid:84298095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.251.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434993/; classtype:trojan-activity;sid:84298093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.62.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434992/; classtype:trojan-activity;sid:84298092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.242.128.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434991/; classtype:trojan-activity;sid:84298091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.44.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434990/; classtype:trojan-activity;sid:84298090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434973)"; flow:established,from_client; content:"GET"; http_method; content:"/ztest"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434973/; classtype:trojan-activity;sid:84298073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434974)"; flow:established,from_client; content:"GET"; http_method; content:"/gig.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434974/; classtype:trojan-activity;sid:84298074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434975)"; flow:established,from_client; content:"GET"; http_method; content:"/pdvr"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434975/; classtype:trojan-activity;sid:84298075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434976)"; flow:established,from_client; content:"GET"; http_method; content:"/sh.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434976/; classtype:trojan-activity;sid:84298076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434977)"; flow:established,from_client; content:"GET"; http_method; content:"/wop"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434977/; classtype:trojan-activity;sid:84298077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434978)"; flow:established,from_client; content:"GET"; http_method; content:"/zxc.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434978/; classtype:trojan-activity;sid:84298078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434979)"; flow:established,from_client; content:"GET"; http_method; content:"/chomp"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434979/; classtype:trojan-activity;sid:84298079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434980)"; flow:established,from_client; content:"GET"; http_method; content:"/cn"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434980/; classtype:trojan-activity;sid:84298080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434981)"; flow:established,from_client; content:"GET"; http_method; content:"/x"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434981/; classtype:trojan-activity;sid:84298081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434982)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434982/; classtype:trojan-activity;sid:84298082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434983)"; flow:established,from_client; content:"GET"; http_method; content:"/buf"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434983/; classtype:trojan-activity;sid:84298083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434984)"; flow:established,from_client; content:"GET"; http_method; content:"/wert"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434984/; classtype:trojan-activity;sid:84298084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434985)"; flow:established,from_client; content:"GET"; http_method; content:"/we"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434985/; classtype:trojan-activity;sid:84298085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434986)"; flow:established,from_client; content:"GET"; http_method; content:"/brr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434986/; classtype:trojan-activity;sid:84298086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434987)"; flow:established,from_client; content:"GET"; http_method; content:"/phi.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434987/; classtype:trojan-activity;sid:84298087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434988)"; flow:established,from_client; content:"GET"; http_method; content:"/ah"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434988/; classtype:trojan-activity;sid:84298088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434989)"; flow:established,from_client; content:"GET"; http_method; content:"/n3881.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434989/; classtype:trojan-activity;sid:84298089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434972)"; flow:established,from_client; content:"GET"; http_method; content:"/n"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434972/; classtype:trojan-activity;sid:84298072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434942)"; flow:established,from_client; content:"GET"; http_method; content:"/nfarm5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434942/; classtype:trojan-activity;sid:84298042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434943)"; flow:established,from_client; content:"GET"; http_method; content:"/nfmips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434943/; classtype:trojan-activity;sid:84298043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434944)"; flow:established,from_client; content:"GET"; http_method; content:"/rarm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434944/; classtype:trojan-activity;sid:84298044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434945)"; flow:established,from_client; content:"GET"; http_method; content:"/kmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434945/; classtype:trojan-activity;sid:84298045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434946)"; flow:established,from_client; content:"GET"; http_method; content:"/rsh4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434946/; classtype:trojan-activity;sid:84298046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434947)"; flow:established,from_client; content:"GET"; http_method; content:"/nfx86"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434947/; classtype:trojan-activity;sid:84298047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434948)"; flow:established,from_client; content:"GET"; http_method; content:"/kmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434948/; classtype:trojan-activity;sid:84298048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434949)"; flow:established,from_client; content:"GET"; http_method; content:"/rmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434949/; classtype:trojan-activity;sid:84298049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434950)"; flow:established,from_client; content:"GET"; http_method; content:"/rppc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434950/; classtype:trojan-activity;sid:84298050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434951)"; flow:established,from_client; content:"GET"; http_method; content:"/karm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434951/; classtype:trojan-activity;sid:84298051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434952)"; flow:established,from_client; content:"GET"; http_method; content:"/rmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434952/; classtype:trojan-activity;sid:84298052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434953)"; flow:established,from_client; content:"GET"; http_method; content:"/karm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434953/; classtype:trojan-activity;sid:84298053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434954)"; flow:established,from_client; content:"GET"; http_method; content:"/rarm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434954/; classtype:trojan-activity;sid:84298054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434955)"; flow:established,from_client; content:"GET"; http_method; content:"/kx86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434955/; classtype:trojan-activity;sid:84298055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434956)"; flow:established,from_client; content:"GET"; http_method; content:"/klfmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434956/; classtype:trojan-activity;sid:84298056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.17.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434957/; classtype:trojan-activity;sid:84298057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434958)"; flow:established,from_client; content:"GET"; http_method; content:"/nfppc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434958/; classtype:trojan-activity;sid:84298058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434959)"; flow:established,from_client; content:"GET"; http_method; content:"/nfsh4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434959/; classtype:trojan-activity;sid:84298059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434960)"; flow:established,from_client; content:"GET"; http_method; content:"/klfarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434960/; classtype:trojan-activity;sid:84298060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434961)"; flow:established,from_client; content:"GET"; http_method; content:"/rarc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434961/; classtype:trojan-activity;sid:84298061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434962)"; flow:established,from_client; content:"GET"; http_method; content:"/nfarc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434962/; classtype:trojan-activity;sid:84298062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434963)"; flow:established,from_client; content:"GET"; http_method; content:"/klfppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434963/; classtype:trojan-activity;sid:84298063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434964)"; flow:established,from_client; content:"GET"; http_method; content:"/klfsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434964/; classtype:trojan-activity;sid:84298064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434965)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434965/; classtype:trojan-activity;sid:84298065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434966)"; flow:established,from_client; content:"GET"; http_method; content:"/klfmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434966/; classtype:trojan-activity;sid:84298066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434967)"; flow:established,from_client; content:"GET"; http_method; content:"/klfarc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434967/; classtype:trojan-activity;sid:84298067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434968)"; flow:established,from_client; content:"GET"; http_method; content:"/klf86"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434968/; classtype:trojan-activity;sid:84298068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434969)"; flow:established,from_client; content:"GET"; http_method; content:"/rarm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434969/; classtype:trojan-activity;sid:84298069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434970)"; flow:established,from_client; content:"GET"; http_method; content:"/klfarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434970/; classtype:trojan-activity;sid:84298070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434971)"; flow:established,from_client; content:"GET"; http_method; content:"/kflarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434971/; classtype:trojan-activity;sid:84298071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434937)"; flow:established,from_client; content:"GET"; http_method; content:"/nfarm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434937/; classtype:trojan-activity;sid:84298037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434938)"; flow:established,from_client; content:"GET"; http_method; content:"/nfmpsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434938/; classtype:trojan-activity;sid:84298038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434939)"; flow:established,from_client; content:"GET"; http_method; content:"/karm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434939/; classtype:trojan-activity;sid:84298039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434940)"; flow:established,from_client; content:"GET"; http_method; content:"/rx86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434940/; classtype:trojan-activity;sid:84298040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434941)"; flow:established,from_client; content:"GET"; http_method; content:"/nfarm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434941/; classtype:trojan-activity;sid:84298041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.211.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434936/; classtype:trojan-activity;sid:84298036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.253.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434935/; classtype:trojan-activity;sid:84298035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"149.115.100.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434934/; classtype:trojan-activity;sid:84298034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.213.181.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434933/; classtype:trojan-activity;sid:84298033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.22.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434932/; classtype:trojan-activity;sid:84298032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.17.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434931/; classtype:trojan-activity;sid:84298031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434929/; classtype:trojan-activity;sid:84298029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.253.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434930/; classtype:trojan-activity;sid:84298030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.98.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434928/; classtype:trojan-activity;sid:84298028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.216.92.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434927/; classtype:trojan-activity;sid:84298027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.242.128.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434926/; classtype:trojan-activity;sid:84298026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.98.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434925/; classtype:trojan-activity;sid:84298025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.102.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434924/; classtype:trojan-activity;sid:84298024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434923)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"3.17.144.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434923/; classtype:trojan-activity;sid:84298023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434922)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"3.17.144.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434922/; classtype:trojan-activity;sid:84298022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434920)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"3.17.144.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434920/; classtype:trojan-activity;sid:84298020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"149.115.100.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434921/; classtype:trojan-activity;sid:84298021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434919)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"3.17.144.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434919/; classtype:trojan-activity;sid:84298019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434915)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"subzerox5.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434915/; classtype:trojan-activity;sid:84298015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434916)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"subzerox5.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434916/; classtype:trojan-activity;sid:84298016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434917)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"subzerox5.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434917/; classtype:trojan-activity;sid:84298017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434918)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"subzerox5.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434918/; classtype:trojan-activity;sid:84298018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434913)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"subzerox5.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434913/; classtype:trojan-activity;sid:84298013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434914)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"subzerox5.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434914/; classtype:trojan-activity;sid:84298014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434912)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"subzerox5.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434912/; classtype:trojan-activity;sid:84298012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434909)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"subzerox5.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434909/; classtype:trojan-activity;sid:84298009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434910)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"subzerox5.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434910/; classtype:trojan-activity;sid:84298010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434911)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"subzerox5.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434911/; classtype:trojan-activity;sid:84298011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434907)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"3.17.144.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434907/; classtype:trojan-activity;sid:84298007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434908)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"subzerox5.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434908/; classtype:trojan-activity;sid:84298008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434902)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"3.17.144.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434902/; classtype:trojan-activity;sid:84298002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434903)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"3.17.144.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434903/; classtype:trojan-activity;sid:84298003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434904)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"3.17.144.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434904/; classtype:trojan-activity;sid:84298004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434905)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"3.17.144.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434905/; classtype:trojan-activity;sid:84298005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434906)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"3.17.144.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434906/; classtype:trojan-activity;sid:84298006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.81.223.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434901/; classtype:trojan-activity;sid:84298001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.89.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434900/; classtype:trojan-activity;sid:84298000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.47.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434899/; classtype:trojan-activity;sid:84297999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434893)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434893/; classtype:trojan-activity;sid:84297993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434894)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434894/; classtype:trojan-activity;sid:84297994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434895)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434895/; classtype:trojan-activity;sid:84297995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434896)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434896/; classtype:trojan-activity;sid:84297996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434897)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434897/; classtype:trojan-activity;sid:84297997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434898)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434898/; classtype:trojan-activity;sid:84297998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434888)"; flow:established,from_client; content:"GET"; http_method; content:"/.sx86_64"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.140.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434888/; classtype:trojan-activity;sid:84297988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434889)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.140.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434889/; classtype:trojan-activity;sid:84297989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434890)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.140.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434890/; classtype:trojan-activity;sid:84297990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434891)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.140.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434891/; classtype:trojan-activity;sid:84297991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434892)"; flow:established,from_client; content:"GET"; http_method; content:"/.sspc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.140.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434892/; classtype:trojan-activity;sid:84297992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434878)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.140.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434878/; classtype:trojan-activity;sid:84297978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434879)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.140.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434879/; classtype:trojan-activity;sid:84297979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434880)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.140.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434880/; classtype:trojan-activity;sid:84297980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434881)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.140.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434881/; classtype:trojan-activity;sid:84297981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434882)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.140.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434882/; classtype:trojan-activity;sid:84297982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434883)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.140.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434883/; classtype:trojan-activity;sid:84297983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434884)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.140.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434884/; classtype:trojan-activity;sid:84297984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434885)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.140.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434885/; classtype:trojan-activity;sid:84297985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434886)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.140.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434886/; classtype:trojan-activity;sid:84297986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434887)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.140.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434887/; classtype:trojan-activity;sid:84297987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434862)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.140.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434862/; classtype:trojan-activity;sid:84297962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434863)"; flow:established,from_client; content:"GET"; http_method; content:"/.sx86"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.140.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434863/; classtype:trojan-activity;sid:84297963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434864)"; flow:established,from_client; content:"GET"; http_method; content:"/.smips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.140.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434864/; classtype:trojan-activity;sid:84297964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434865)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.140.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434865/; classtype:trojan-activity;sid:84297965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434866)"; flow:established,from_client; content:"GET"; http_method; content:"/.sm68k"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.140.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434866/; classtype:trojan-activity;sid:84297966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434867)"; flow:established,from_client; content:"GET"; http_method; content:"/.ssh4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.140.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434867/; classtype:trojan-activity;sid:84297967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434868)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.140.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434868/; classtype:trojan-activity;sid:84297968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434869)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.140.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434869/; classtype:trojan-activity;sid:84297969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434870)"; flow:established,from_client; content:"GET"; http_method; content:"/.smpsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.140.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434870/; classtype:trojan-activity;sid:84297970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434871)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.140.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434871/; classtype:trojan-activity;sid:84297971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434872)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.140.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434872/; classtype:trojan-activity;sid:84297972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434873)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.140.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434873/; classtype:trojan-activity;sid:84297973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434874)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.140.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434874/; classtype:trojan-activity;sid:84297974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434875)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.140.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434875/; classtype:trojan-activity;sid:84297975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434876)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.140.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434876/; classtype:trojan-activity;sid:84297976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434877)"; flow:established,from_client; content:"GET"; http_method; content:"/.sppc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.140.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434877/; classtype:trojan-activity;sid:84297977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434860)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.140.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434860/; classtype:trojan-activity;sid:84297960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434861)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.140.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434861/; classtype:trojan-activity;sid:84297961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434858)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"23.158.56.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434858/; classtype:trojan-activity;sid:84297958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434859)"; flow:established,from_client; content:"GET"; http_method; content:"/ripz/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.11.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434859/; classtype:trojan-activity;sid:84297959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434851)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434851/; classtype:trojan-activity;sid:84297951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434852)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434852/; classtype:trojan-activity;sid:84297952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434853)"; flow:established,from_client; content:"GET"; http_method; content:"/ripz/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.11.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434853/; classtype:trojan-activity;sid:84297953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434854)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/u2mms4iwi1wxyn3kiul8ni04ui1fwxxduw"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434854/; classtype:trojan-activity;sid:84297954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434855)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434855/; classtype:trojan-activity;sid:84297955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434856)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434856/; classtype:trojan-activity;sid:84297956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434857)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434857/; classtype:trojan-activity;sid:84297957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434845)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434845/; classtype:trojan-activity;sid:84297945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434846)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"23.158.56.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434846/; classtype:trojan-activity;sid:84297946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434847)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434847/; classtype:trojan-activity;sid:84297947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434848)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"23.158.56.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434848/; classtype:trojan-activity;sid:84297948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434849)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434849/; classtype:trojan-activity;sid:84297949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434850)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434850/; classtype:trojan-activity;sid:84297950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434838)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434838/; classtype:trojan-activity;sid:84297938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434839)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/0c3swoj0ndimerv1fernsgbhszkvujbrxi"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434839/; classtype:trojan-activity;sid:84297939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434840)"; flow:established,from_client; content:"GET"; http_method; content:"/nshsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434840/; classtype:trojan-activity;sid:84297940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434841)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kxkey2hazizaf9eykqqt52ndwakl6rcpuw"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434841/; classtype:trojan-activity;sid:84297941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434842)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"23.158.56.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434842/; classtype:trojan-activity;sid:84297942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434843)"; flow:established,from_client; content:"GET"; http_method; content:"/ripz/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.11.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434843/; classtype:trojan-activity;sid:84297943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434844)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"23.158.56.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434844/; classtype:trojan-activity;sid:84297944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434833)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gqpyp1ifvnfkhmplmchmkfaw3uotdyqudn"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434833/; classtype:trojan-activity;sid:84297933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434834)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434834/; classtype:trojan-activity;sid:84297934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434835)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434835/; classtype:trojan-activity;sid:84297935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434836)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"23.158.56.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434836/; classtype:trojan-activity;sid:84297936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434837)"; flow:established,from_client; content:"GET"; http_method; content:"/ripz/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"141.98.11.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434837/; classtype:trojan-activity;sid:84297937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434829)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/50gxaxyu85gbxl6dka5regbhztvnkx82t9"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434829/; classtype:trojan-activity;sid:84297929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434830)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434830/; classtype:trojan-activity;sid:84297930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434831)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tpkhy2mppogjfcjdjrhwj95pf3i2zjtkre"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434831/; classtype:trojan-activity;sid:84297931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434832)"; flow:established,from_client; content:"GET"; http_method; content:"/ripz/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.11.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434832/; classtype:trojan-activity;sid:84297932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434815)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434815/; classtype:trojan-activity;sid:84297915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434816)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434816/; classtype:trojan-activity;sid:84297916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434817)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434817/; classtype:trojan-activity;sid:84297917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434818)"; flow:established,from_client; content:"GET"; http_method; content:"/hmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434818/; classtype:trojan-activity;sid:84297918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434819)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434819/; classtype:trojan-activity;sid:84297919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434820)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434820/; classtype:trojan-activity;sid:84297920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434821)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bdj2fqikzdypbgaixufikfn1zonbpwzwrf"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434821/; classtype:trojan-activity;sid:84297921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434822)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"23.158.56.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434822/; classtype:trojan-activity;sid:84297922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434823)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434823/; classtype:trojan-activity;sid:84297923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434824)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434824/; classtype:trojan-activity;sid:84297924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434825)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.149.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434825/; classtype:trojan-activity;sid:84297925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434826)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"23.158.56.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434826/; classtype:trojan-activity;sid:84297926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434827)"; flow:established,from_client; content:"GET"; http_method; content:"/nshppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434827/; classtype:trojan-activity;sid:84297927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434828)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/3qhmhb1k5hctnfdpiv3xsnubpbuahjbstc"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434828/; classtype:trojan-activity;sid:84297928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434810)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434810/; classtype:trojan-activity;sid:84297910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434811)"; flow:established,from_client; content:"GET"; http_method; content:"/gmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434811/; classtype:trojan-activity;sid:84297911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434812)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434812/; classtype:trojan-activity;sid:84297912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434813)"; flow:established,from_client; content:"GET"; http_method; content:"/ripz/arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.11.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434813/; classtype:trojan-activity;sid:84297913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434814)"; flow:established,from_client; content:"GET"; http_method; content:"/ripz/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.11.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434814/; classtype:trojan-activity;sid:84297914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434808)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/qmpasukk7clminysrrfgzx48d2uyzsoai0"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434808/; classtype:trojan-activity;sid:84297908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434809)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/8rcvzmiedi7pq8wlkfdbuxdonqole1v7dd"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434809/; classtype:trojan-activity;sid:84297909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434807)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/81lbbr0he0fexsricykfa7nopufgeknomh"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434807/; classtype:trojan-activity;sid:84297907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434801)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c4pw93esk3wajmnntptmbugtjvhetnbkbq"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434801/; classtype:trojan-activity;sid:84297901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434802)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/wdvxv9agjweyq8rftjy9t8en6dikbdc2ai"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434802/; classtype:trojan-activity;sid:84297902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434803)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/l7bymeaezrbgyqf5hgc9dhvxeilbtugram"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434803/; classtype:trojan-activity;sid:84297903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434804)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/wc3ejba8gntaot2napti51vidm0nukkmxp"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434804/; classtype:trojan-activity;sid:84297904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434805)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bb4zbjpqfkiirwiqconjb5k7cszzaqjgg7"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434805/; classtype:trojan-activity;sid:84297905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434806)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/h3blflo5ecdmnm9ablctytytgdyior8dlf"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434806/; classtype:trojan-activity;sid:84297906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434800)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/svbmj3atyktnijkd22bzor1n635kdp3ttf"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434800/; classtype:trojan-activity;sid:84297900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434790)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nj5edt4e8wernbasx8rper9cjvfggaql5z"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434790/; classtype:trojan-activity;sid:84297890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434791)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/1wleft8bycllyaks1lyacdcnmclblgzftx"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434791/; classtype:trojan-activity;sid:84297891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434792)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c7wz8jqz2pkf7lupmvmihcseuz9ksaup5k"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434792/; classtype:trojan-activity;sid:84297892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434793)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/6kol1vsmn3agqetzmx29ilwfptgq4o0xnu"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434793/; classtype:trojan-activity;sid:84297893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434794)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dadg316artvsrpm82dbwldnzhwdvwtslkf"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434794/; classtype:trojan-activity;sid:84297894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434795)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kltracgsjay8sbntqtnshhqquxfmiopl6w"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434795/; classtype:trojan-activity;sid:84297895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434796)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bg52djoyuni7jwlphkk3tde56xa57bqdbw"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434796/; classtype:trojan-activity;sid:84297896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434797)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ehnb2fqlwfqmgzonbxjq4sym2wcctqhidg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434797/; classtype:trojan-activity;sid:84297897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434798)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ivqmsp8bwzii2mo8jo13vway1rez15hmtm"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434798/; classtype:trojan-activity;sid:84297898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434799)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xo5sqivcr7mupd27ghdvkwbkpq2olbkroo"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434799/; classtype:trojan-activity;sid:84297899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.181.110.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434789/; classtype:trojan-activity;sid:84297889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.44.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434787/; classtype:trojan-activity;sid:84297887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.55.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434788/; classtype:trojan-activity;sid:84297888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.25.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434786/; classtype:trojan-activity;sid:84297886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.37.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434785/; classtype:trojan-activity;sid:84297885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.102.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434784/; classtype:trojan-activity;sid:84297884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.150.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434783/; classtype:trojan-activity;sid:84297883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.81.223.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434782/; classtype:trojan-activity;sid:84297882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.89.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434781/; classtype:trojan-activity;sid:84297881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.47.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434780/; classtype:trojan-activity;sid:84297880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.181.110.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434779/; classtype:trojan-activity;sid:84297879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.77.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434778/; classtype:trojan-activity;sid:84297878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434776)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.201.92.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434776/; classtype:trojan-activity;sid:84297876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434777)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.72.201"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434777/; classtype:trojan-activity;sid:84297877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.115.166.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434775/; classtype:trojan-activity;sid:84297875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.150.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434774/; classtype:trojan-activity;sid:84297874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.255.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434772/; classtype:trojan-activity;sid:84297872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.230.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434773/; classtype:trojan-activity;sid:84297873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"161.248.55.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434771/; classtype:trojan-activity;sid:84297871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.131.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434770/; classtype:trojan-activity;sid:84297870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.97.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434766/; classtype:trojan-activity;sid:84297866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.55.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434767/; classtype:trojan-activity;sid:84297867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.251.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434768/; classtype:trojan-activity;sid:84297868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.49.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434769/; classtype:trojan-activity;sid:84297869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.37.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434765/; classtype:trojan-activity;sid:84297865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.72.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434764/; classtype:trojan-activity;sid:84297864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.215.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434763/; classtype:trojan-activity;sid:84297863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.77.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434762/; classtype:trojan-activity;sid:84297862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.161.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434761/; classtype:trojan-activity;sid:84297861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.170.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434760/; classtype:trojan-activity;sid:84297860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.115.166.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434759/; classtype:trojan-activity;sid:84297859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.203.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434758/; classtype:trojan-activity;sid:84297858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.234.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434757/; classtype:trojan-activity;sid:84297857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.251.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434756/; classtype:trojan-activity;sid:84297856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.72.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434755/; classtype:trojan-activity;sid:84297855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434754)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.51.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434754/; classtype:trojan-activity;sid:84297854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.3.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434753/; classtype:trojan-activity;sid:84297853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.99.152.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434751/; classtype:trojan-activity;sid:84297851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.93.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434752/; classtype:trojan-activity;sid:84297852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.115.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434750/; classtype:trojan-activity;sid:84297850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.55.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434749/; classtype:trojan-activity;sid:84297849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.230.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434748/; classtype:trojan-activity;sid:84297848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.161.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434747/; classtype:trojan-activity;sid:84297847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.72.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434746/; classtype:trojan-activity;sid:84297846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.236.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434745/; classtype:trojan-activity;sid:84297845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.42.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434744/; classtype:trojan-activity;sid:84297844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434743/; classtype:trojan-activity;sid:84297843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434742)"; flow:established,from_client; content:"GET"; http_method; content:"/2025/02/09/13/593405740.png"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www2.0zz0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434742/; classtype:trojan-activity;sid:84297842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.29.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434741/; classtype:trojan-activity;sid:84297841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434739)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.showing.pw"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434739/; classtype:trojan-activity;sid:84297839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.11.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434740/; classtype:trojan-activity;sid:84297840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.39.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434738/; classtype:trojan-activity;sid:84297838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434737)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.agility.website"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434737/; classtype:trojan-activity;sid:84297837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.50.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434736/; classtype:trojan-activity;sid:84297836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.107.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434735/; classtype:trojan-activity;sid:84297835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434734)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.137.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434734/; classtype:trojan-activity;sid:84297834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.201.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434733/; classtype:trojan-activity;sid:84297833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434732)"; flow:established,from_client; content:"GET"; http_method; content:"/txt/cycepcnch4antqj.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"weixe.ir"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434732/; classtype:trojan-activity;sid:84297832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434731/; classtype:trojan-activity;sid:84297831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434730)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.riverbed.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434730/; classtype:trojan-activity;sid:84297830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.143.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434729/; classtype:trojan-activity;sid:84297829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.48.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434728/; classtype:trojan-activity;sid:84297828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.39.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434727/; classtype:trojan-activity;sid:84297827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.238.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434726/; classtype:trojan-activity;sid:84297826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.50.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434725/; classtype:trojan-activity;sid:84297825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.107.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434724/; classtype:trojan-activity;sid:84297824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.201.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434723/; classtype:trojan-activity;sid:84297823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.41.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434722/; classtype:trojan-activity;sid:84297822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.28.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434721/; classtype:trojan-activity;sid:84297821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.252.181.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434720/; classtype:trojan-activity;sid:84297820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.236.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434719/; classtype:trojan-activity;sid:84297819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.31.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434718/; classtype:trojan-activity;sid:84297818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.138.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434717/; classtype:trojan-activity;sid:84297817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.55.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434716/; classtype:trojan-activity;sid:84297816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.11.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434715/; classtype:trojan-activity;sid:84297815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434713)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.reentry.website"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434713/; classtype:trojan-activity;sid:84297813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434714)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.stench.site"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434714/; classtype:trojan-activity;sid:84297814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.11.125"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434712/; classtype:trojan-activity;sid:84297812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.128.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434711/; classtype:trojan-activity;sid:84297811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.16.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434710/; classtype:trojan-activity;sid:84297810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.138.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434709/; classtype:trojan-activity;sid:84297809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.12.205.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434707/; classtype:trojan-activity;sid:84297807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.11.125"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434708/; classtype:trojan-activity;sid:84297808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.195.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434706/; classtype:trojan-activity;sid:84297806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.141.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434702/; classtype:trojan-activity;sid:84297802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434703)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.61.231.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434703/; classtype:trojan-activity;sid:84297803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.37.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434704/; classtype:trojan-activity;sid:84297804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.234.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434705/; classtype:trojan-activity;sid:84297805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.16.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434701/; classtype:trojan-activity;sid:84297801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.206.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434699/; classtype:trojan-activity;sid:84297799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.33.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434700/; classtype:trojan-activity;sid:84297800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.243.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434698/; classtype:trojan-activity;sid:84297798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.115.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434697/; classtype:trojan-activity;sid:84297797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.195.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434696/; classtype:trojan-activity;sid:84297796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.161.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434695/; classtype:trojan-activity;sid:84297795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.144.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434694/; classtype:trojan-activity;sid:84297794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.37.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434693/; classtype:trojan-activity;sid:84297793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.243.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434692/; classtype:trojan-activity;sid:84297792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.115.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434691/; classtype:trojan-activity;sid:84297791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.43.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434690/; classtype:trojan-activity;sid:84297790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434689)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.232.93.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434689/; classtype:trojan-activity;sid:84297789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.132.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434688/; classtype:trojan-activity;sid:84297788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.37.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434687/; classtype:trojan-activity;sid:84297787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.46.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434686/; classtype:trojan-activity;sid:84297786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.60.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434685/; classtype:trojan-activity;sid:84297785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.36.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434683/; classtype:trojan-activity;sid:84297783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.36.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434684/; classtype:trojan-activity;sid:84297784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.9.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434682/; classtype:trojan-activity;sid:84297782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.249.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434680/; classtype:trojan-activity;sid:84297780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.250.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434681/; classtype:trojan-activity;sid:84297781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434679)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.203.72.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434679/; classtype:trojan-activity;sid:84297779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.197.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434678/; classtype:trojan-activity;sid:84297778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.247.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434676/; classtype:trojan-activity;sid:84297776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434677)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.0.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434677/; classtype:trojan-activity;sid:84297777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434672)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.17.132"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434672/; classtype:trojan-activity;sid:84297772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.6.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434673/; classtype:trojan-activity;sid:84297773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434674)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.94.193.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434674/; classtype:trojan-activity;sid:84297774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.209.162.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434675/; classtype:trojan-activity;sid:84297775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.227.7.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434669/; classtype:trojan-activity;sid:84297769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.250.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434670/; classtype:trojan-activity;sid:84297770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.247.10.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434671/; classtype:trojan-activity;sid:84297771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.43.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434618/; classtype:trojan-activity;sid:84297718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.6.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434617/; classtype:trojan-activity;sid:84297717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.182.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434616/; classtype:trojan-activity;sid:84297716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.9.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434615/; classtype:trojan-activity;sid:84297715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434614)"; flow:established,from_client; content:"GET"; http_method; content:"/g.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"kvndbb3.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434614/; classtype:trojan-activity;sid:84297714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.78.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434613/; classtype:trojan-activity;sid:84297713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.6.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434612/; classtype:trojan-activity;sid:84297712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.144.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434610/; classtype:trojan-activity;sid:84297710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.101.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434611/; classtype:trojan-activity;sid:84297711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.1.181"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434609/; classtype:trojan-activity;sid:84297709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.182.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434608/; classtype:trojan-activity;sid:84297708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434607/; classtype:trojan-activity;sid:84297707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.51.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434606/; classtype:trojan-activity;sid:84297706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.26.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434605/; classtype:trojan-activity;sid:84297705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.177.28.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434604/; classtype:trojan-activity;sid:84297704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.165.93.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434603/; classtype:trojan-activity;sid:84297703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.114.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434602/; classtype:trojan-activity;sid:84297702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.120.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434601/; classtype:trojan-activity;sid:84297701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434599)"; flow:established,from_client; content:"GET"; http_method; content:"/yt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.177.110.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434599/; classtype:trojan-activity;sid:84297699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434600)"; flow:established,from_client; content:"GET"; http_method; content:"/iivhd.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.177.110.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434600/; classtype:trojan-activity;sid:84297700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434598)"; flow:established,from_client; content:"GET"; http_method; content:"/decolourants.bat"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"31.57.166.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434598/; classtype:trojan-activity;sid:84297698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.213.181.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434597/; classtype:trojan-activity;sid:84297697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.144.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434596/; classtype:trojan-activity;sid:84297696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.101.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434595/; classtype:trojan-activity;sid:84297695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.1.181"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434594/; classtype:trojan-activity;sid:84297694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434593)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.oink2.space"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434593/; classtype:trojan-activity;sid:84297693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.51.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434592/; classtype:trojan-activity;sid:84297692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.53.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434591/; classtype:trojan-activity;sid:84297691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434590)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/raw/refs/heads/main/no.pdf"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434590/; classtype:trojan-activity;sid:84297690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434588)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/codde.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434588/; classtype:trojan-activity;sid:84297688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434589)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/es.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434589/; classtype:trojan-activity;sid:84297689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434584)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/don.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434584/; classtype:trojan-activity;sid:84297684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434585)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/emgg.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434585/; classtype:trojan-activity;sid:84297685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434586)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/coddee.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434586/; classtype:trojan-activity;sid:84297686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434587)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/emg.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434587/; classtype:trojan-activity;sid:84297687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434583)"; flow:established,from_client; content:"GET"; http_method; content:"/heh/output/client/update.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.105.116.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434583/; classtype:trojan-activity;sid:84297683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434582/; classtype:trojan-activity;sid:84297682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434579)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.185.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434579/; classtype:trojan-activity;sid:84297679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434580)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.2.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434580/; classtype:trojan-activity;sid:84297680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.172.35.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434581/; classtype:trojan-activity;sid:84297681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.56.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434578/; classtype:trojan-activity;sid:84297678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.21.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434577/; classtype:trojan-activity;sid:84297677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.99.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434576/; classtype:trojan-activity;sid:84297676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.165.93.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434575/; classtype:trojan-activity;sid:84297675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.160.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434574/; classtype:trojan-activity;sid:84297674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.42.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434572/; classtype:trojan-activity;sid:84297672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.183.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434573/; classtype:trojan-activity;sid:84297673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.21.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434571/; classtype:trojan-activity;sid:84297671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.165.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434570/; classtype:trojan-activity;sid:84297670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434567)"; flow:established,from_client; content:"GET"; http_method; content:"/x/irq2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.23.67.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434567/; classtype:trojan-activity;sid:84297667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434568)"; flow:established,from_client; content:"GET"; http_method; content:"/x/irq1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.23.67.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434568/; classtype:trojan-activity;sid:84297668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434569)"; flow:established,from_client; content:"GET"; http_method; content:"/x/irq0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.23.67.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434569/; classtype:trojan-activity;sid:84297669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434566)"; flow:established,from_client; content:"GET"; http_method; content:"/x/pty"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"83.23.67.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434566/; classtype:trojan-activity;sid:84297666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.116.244.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434565/; classtype:trojan-activity;sid:84297665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.212.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434564/; classtype:trojan-activity;sid:84297664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.120.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434563/; classtype:trojan-activity;sid:84297663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.55.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434561/; classtype:trojan-activity;sid:84297661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.116.94.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434562/; classtype:trojan-activity;sid:84297662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434560)"; flow:established,from_client; content:"GET"; http_method; content:"/b313d4a4588bd2e7bc9ece877caba58a.png"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"rbk.scalingposturestrife.shop"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434560/; classtype:trojan-activity;sid:84297660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.145.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434559/; classtype:trojan-activity;sid:84297659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434558)"; flow:established,from_client; content:"GET"; http_method; content:"/api/file/get|3f|filekey=sldqrgq50zklgbv2btqmo2qkvfdfpsrcclmwswd7hdbiiyhzxw5i9ngxi3_oga|7c|26|7c|pk_vid=342803d1cc4e3b801738956709b5fe9d"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"1013.filemail.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434558/; classtype:trojan-activity;sid:84297658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434556)"; flow:established,from_client; content:"GET"; http_method; content:"/proltop1/popka/raw/master/svchost.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434556/; classtype:trojan-activity;sid:84297656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434557)"; flow:established,from_client; content:"GET"; http_method; content:"/d/lynomp2m/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434557/; classtype:trojan-activity;sid:84297657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434554)"; flow:established,from_client; content:"GET"; http_method; content:"/mommynikiits/nottouchingdd/master/device2.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434554/; classtype:trojan-activity;sid:84297654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434555)"; flow:established,from_client; content:"GET"; http_method; content:"/vasyalala0111/badlion/raw/master/mjud.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434555/; classtype:trojan-activity;sid:84297655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434552)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.plentiful2.space"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434552/; classtype:trojan-activity;sid:84297652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434553)"; flow:established,from_client; content:"GET"; http_method; content:"/itschangat/test/blob/main/server.exe|3f|raw=true"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434553/; classtype:trojan-activity;sid:84297653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.183.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434550/; classtype:trojan-activity;sid:84297650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434551)"; flow:established,from_client; content:"GET"; http_method; content:"/d/z4qloc5j"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434551/; classtype:trojan-activity;sid:84297651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.254.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434549/; classtype:trojan-activity;sid:84297649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.10.180.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434548/; classtype:trojan-activity;sid:84297648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.165.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434547/; classtype:trojan-activity;sid:84297647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.83.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434546/; classtype:trojan-activity;sid:84297646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.78.100"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434545/; classtype:trojan-activity;sid:84297645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434544)"; flow:established,from_client; content:"GET"; http_method; content:"/onlystealernew"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"klingpremium.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434544/; classtype:trojan-activity;sid:84297644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.212.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434543/; classtype:trojan-activity;sid:84297643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.221.161.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434542/; classtype:trojan-activity;sid:84297642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434540)"; flow:established,from_client; content:"GET"; http_method; content:"/xfiles/train.mp4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dns-verify-me.pro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434540/; classtype:trojan-activity;sid:84297640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.6.186"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434541/; classtype:trojan-activity;sid:84297641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.116.94.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434539/; classtype:trojan-activity;sid:84297639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.120.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434538/; classtype:trojan-activity;sid:84297638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434537)"; flow:established,from_client; content:"GET"; http_method; content:"/mrx.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"klingpremium.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434537/; classtype:trojan-activity;sid:84297637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434536/; classtype:trojan-activity;sid:84297636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.137.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434535/; classtype:trojan-activity;sid:84297635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.78.100"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434534/; classtype:trojan-activity;sid:84297634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.38.123.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434533/; classtype:trojan-activity;sid:84297633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.30.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434532/; classtype:trojan-activity;sid:84297632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.96.245.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434531/; classtype:trojan-activity;sid:84297631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434530/; classtype:trojan-activity;sid:84297630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.125.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434528/; classtype:trojan-activity;sid:84297628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.31.202.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434529/; classtype:trojan-activity;sid:84297629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.99.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434526/; classtype:trojan-activity;sid:84297626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.165.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434527/; classtype:trojan-activity;sid:84297627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434523)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/fbo/sheisgoodpersonforbesttome.txt"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"192.3.193.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434523/; classtype:trojan-activity;sid:84297623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434524)"; flow:established,from_client; content:"GET"; http_method; content:"/645/seethebestthingswithbstteamworkgiven.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"192.3.179.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434524/; classtype:trojan-activity;sid:84297624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434525)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7967666176/13z5sqy.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434525/; classtype:trojan-activity;sid:84297625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434520)"; flow:established,from_client; content:"GET"; http_method; content:"/temperloin/piponis/raw/refs/heads/main/jrirkfiweid.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434520/; classtype:trojan-activity;sid:84297620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434521)"; flow:established,from_client; content:"GET"; http_method; content:"/temperloin/piponis/raw/refs/heads/main/cjrimgid.exe/"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434521/; classtype:trojan-activity;sid:84297621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434522)"; flow:established,from_client; content:"GET"; http_method; content:"/temperloin/piponis/raw/refs/heads/main/cjrimgid.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434522/; classtype:trojan-activity;sid:84297622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434519)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7132776280/ic7hgwn.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434519/; classtype:trojan-activity;sid:84297619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434516)"; flow:established,from_client; content:"GET"; http_method; content:"/645/grls/seethebestthingswithbstteamworkgiven.hta"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"192.3.179.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434516/; classtype:trojan-activity;sid:84297616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434517)"; flow:established,from_client; content:"GET"; http_method; content:"/ailojam/aiopef/raw/refs/heads/main/bothkklasda.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434517/; classtype:trojan-activity;sid:84297617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434518)"; flow:established,from_client; content:"GET"; http_method; content:"/540/seemethebestthingswithgivenuwithmygirlfriendsheis.txt"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"217.160.163.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434518/; classtype:trojan-activity;sid:84297618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434514)"; flow:established,from_client; content:"GET"; http_method; content:"/lem.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"yodartustteam.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434514/; classtype:trojan-activity;sid:84297614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434515)"; flow:established,from_client; content:"GET"; http_method; content:"/540/esmaa/seemethebestthingswithgivenuwithmygirlfriendsheis.hta"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"217.160.163.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434515/; classtype:trojan-activity;sid:84297615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434507)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6012304042/80skylp.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434507/; classtype:trojan-activity;sid:84297607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434508)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7193289845/ijwsn6z.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434508/; classtype:trojan-activity;sid:84297608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434509)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6691015685/bjkm5he.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434509/; classtype:trojan-activity;sid:84297609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434510)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7387547671/ebvdkar.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434510/; classtype:trojan-activity;sid:84297610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434511)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7359455182/bjofacx.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434511/; classtype:trojan-activity;sid:84297611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434512)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7127454373/e7i5ezm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434512/; classtype:trojan-activity;sid:84297612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434513)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.cape1.space"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434513/; classtype:trojan-activity;sid:84297613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434506)"; flow:established,from_client; content:"GET"; http_method; content:"/540/esmaa/esm/seemethebestthingswithgivenuwithmygirlfriendsheis_________seemethebestthingswithgivenuwithmygirl__________seemethebestthingswithgivenuwith.doc"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"217.160.163.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434506/; classtype:trojan-activity;sid:84297606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.52.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434505/; classtype:trojan-activity;sid:84297605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.96.245.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434504/; classtype:trojan-activity;sid:84297604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434503/; classtype:trojan-activity;sid:84297603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.134.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434502/; classtype:trojan-activity;sid:84297602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434496/; classtype:trojan-activity;sid:84297596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.178.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434497/; classtype:trojan-activity;sid:84297597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434498/; classtype:trojan-activity;sid:84297598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.11.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434499/; classtype:trojan-activity;sid:84297599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.36.187.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434500/; classtype:trojan-activity;sid:84297600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.63.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434501/; classtype:trojan-activity;sid:84297601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.113.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434495/; classtype:trojan-activity;sid:84297595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434494)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.169.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434494/; classtype:trojan-activity;sid:84297594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434493)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.136.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434493/; classtype:trojan-activity;sid:84297593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.4.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434492/; classtype:trojan-activity;sid:84297592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.15.23.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434489/; classtype:trojan-activity;sid:84297589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.190.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434490/; classtype:trojan-activity;sid:84297590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434491/; classtype:trojan-activity;sid:84297591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.9.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434488/; classtype:trojan-activity;sid:84297588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434487/; classtype:trojan-activity;sid:84297587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.9.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434486/; classtype:trojan-activity;sid:84297586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434485/; classtype:trojan-activity;sid:84297585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.30.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434484/; classtype:trojan-activity;sid:84297584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.31.202.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434483/; classtype:trojan-activity;sid:84297583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.1.248"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434482/; classtype:trojan-activity;sid:84297582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.152.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434479/; classtype:trojan-activity;sid:84297579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434480)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.182.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434480/; classtype:trojan-activity;sid:84297580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434481)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434481/; classtype:trojan-activity;sid:84297581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.45.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434478/; classtype:trojan-activity;sid:84297578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.87.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434477/; classtype:trojan-activity;sid:84297577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.10.180.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434476/; classtype:trojan-activity;sid:84297576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.23.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434475/; classtype:trojan-activity;sid:84297575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434474)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.252.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434474/; classtype:trojan-activity;sid:84297574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.1.248"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434473/; classtype:trojan-activity;sid:84297573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.45.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434472/; classtype:trojan-activity;sid:84297572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.134.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434471/; classtype:trojan-activity;sid:84297571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434470/; classtype:trojan-activity;sid:84297570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.162.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434469/; classtype:trojan-activity;sid:84297569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.87.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434468/; classtype:trojan-activity;sid:84297568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.152.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434467/; classtype:trojan-activity;sid:84297567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.225.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434466/; classtype:trojan-activity;sid:84297566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.87.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434465/; classtype:trojan-activity;sid:84297565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.111.110.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434464/; classtype:trojan-activity;sid:84297564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434463/; classtype:trojan-activity;sid:84297563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.158.158.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434462/; classtype:trojan-activity;sid:84297562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.94.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434461/; classtype:trojan-activity;sid:84297561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.162.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434460/; classtype:trojan-activity;sid:84297560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.225.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434459/; classtype:trojan-activity;sid:84297559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.109.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434458/; classtype:trojan-activity;sid:84297558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.30.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434457/; classtype:trojan-activity;sid:84297557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.146.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434456/; classtype:trojan-activity;sid:84297556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.212.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434455/; classtype:trojan-activity;sid:84297555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.211.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434454/; classtype:trojan-activity;sid:84297554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.250.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434453/; classtype:trojan-activity;sid:84297553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434452)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/fbo/miyo/seethebestthingstogetbacksheisbeautifulgirl.hta"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"192.3.193.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434452/; classtype:trojan-activity;sid:84297552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434451)"; flow:established,from_client; content:"GET"; http_method; content:"/jsihidlfhxtytakotcr217.bin"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"46.183.222.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434451/; classtype:trojan-activity;sid:84297551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.55.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434450/; classtype:trojan-activity;sid:84297550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434449/; classtype:trojan-activity;sid:84297549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.171.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434448/; classtype:trojan-activity;sid:84297548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434447/; classtype:trojan-activity;sid:84297547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.255.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434445/; classtype:trojan-activity;sid:84297545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.86.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434446/; classtype:trojan-activity;sid:84297546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434444)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.9.100.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434444/; classtype:trojan-activity;sid:84297544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434443)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.defendant.store"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434443/; classtype:trojan-activity;sid:84297543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.194.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434442/; classtype:trojan-activity;sid:84297542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.208.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434441/; classtype:trojan-activity;sid:84297541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.30.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434438/; classtype:trojan-activity;sid:84297538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.211.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434439/; classtype:trojan-activity;sid:84297539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.111.110.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434440/; classtype:trojan-activity;sid:84297540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.94.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434437/; classtype:trojan-activity;sid:84297537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.88.173.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434436/; classtype:trojan-activity;sid:84297536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.158.158.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434435/; classtype:trojan-activity;sid:84297535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.90.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434434/; classtype:trojan-activity;sid:84297534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.253.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434433/; classtype:trojan-activity;sid:84297533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.205.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434432/; classtype:trojan-activity;sid:84297532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.128.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434431/; classtype:trojan-activity;sid:84297531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.128.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434430/; classtype:trojan-activity;sid:84297530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434429)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.123.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434429/; classtype:trojan-activity;sid:84297529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.43.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434428/; classtype:trojan-activity;sid:84297528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434427)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434427/; classtype:trojan-activity;sid:84297527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.90.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434426/; classtype:trojan-activity;sid:84297526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.250.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434425/; classtype:trojan-activity;sid:84297525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.67.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434424/; classtype:trojan-activity;sid:84297524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434423/; classtype:trojan-activity;sid:84297523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.85.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434422/; classtype:trojan-activity;sid:84297522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.36.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434421/; classtype:trojan-activity;sid:84297521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.4.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434420/; classtype:trojan-activity;sid:84297520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.94.142.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434418/; classtype:trojan-activity;sid:84297518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.96.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434419/; classtype:trojan-activity;sid:84297519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434417)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.237.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434417/; classtype:trojan-activity;sid:84297517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.208.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434416/; classtype:trojan-activity;sid:84297516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.175.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434415/; classtype:trojan-activity;sid:84297515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.109.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434414/; classtype:trojan-activity;sid:84297514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434413)"; flow:established,from_client; content:"GET"; http_method; content:"/8kuv.ps1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0x0.st"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434413/; classtype:trojan-activity;sid:84297513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.36.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434412/; classtype:trojan-activity;sid:84297512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.7.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434411/; classtype:trojan-activity;sid:84297511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.2.72"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434410/; classtype:trojan-activity;sid:84297510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434409)"; flow:established,from_client; content:"GET"; http_method; content:"/spread.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"26.77.178.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434409/; classtype:trojan-activity;sid:84297509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434408)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.jokingly.store"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434408/; classtype:trojan-activity;sid:84297508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434407/; classtype:trojan-activity;sid:84297507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434406/; classtype:trojan-activity;sid:84297506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.96.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434405/; classtype:trojan-activity;sid:84297505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.55.30.63"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434404/; classtype:trojan-activity;sid:84297504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.99.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434403/; classtype:trojan-activity;sid:84297503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434402)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.152.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434402/; classtype:trojan-activity;sid:84297502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.248.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434401/; classtype:trojan-activity;sid:84297501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.55.30.63"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434400/; classtype:trojan-activity;sid:84297500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.197.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434399/; classtype:trojan-activity;sid:84297499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434398)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434398/; classtype:trojan-activity;sid:84297498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.12.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434396/; classtype:trojan-activity;sid:84297496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434397)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.173.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434397/; classtype:trojan-activity;sid:84297497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434394)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.113.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434394/; classtype:trojan-activity;sid:84297494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.19.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434395/; classtype:trojan-activity;sid:84297495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434393)"; flow:established,from_client; content:"GET"; http_method; content:"/important_update_0924_571c2_hks.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"convince.b-cdn.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434393/; classtype:trojan-activity;sid:84297493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434392)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/asfsa/releases/download/fdsf/lionda.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434392/; classtype:trojan-activity;sid:84297492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434391)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/gads/releases/download/fgfgf/capcut_installer_12.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434391/; classtype:trojan-activity;sid:84297491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434388)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/ffdsfdsf/releases/download/dsfsdf/install250.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434388/; classtype:trojan-activity;sid:84297488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434389)"; flow:established,from_client; content:"GET"; http_method; content:"/cp_sh.eml"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"u2.latenativereunion.shop"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434389/; classtype:trojan-activity;sid:84297489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434390)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/rtgrgdfg/releases/download/dfsdfsf/capcut.installer.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434390/; classtype:trojan-activity;sid:84297490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434385)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/zakaz2/releases/download/zakaz2/liddad.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434385/; classtype:trojan-activity;sid:84297485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434386)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/zakaz5/releases/download/zakaz5/client_jackbastadguy.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434386/; classtype:trojan-activity;sid:84297486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434387)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/mmm/releases/download/kkkk/nonia.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434387/; classtype:trojan-activity;sid:84297487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434384)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/343/releases/download/dsfafaf/l4.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434384/; classtype:trojan-activity;sid:84297484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434383)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/prosody/releases/download/djdjd/12.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434383/; classtype:trojan-activity;sid:84297483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434382)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/kdkdks/releases/download/jdkdkd/filw.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434382/; classtype:trojan-activity;sid:84297482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434381)"; flow:established,from_client; content:"GET"; http_method; content:"/files/martin1/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434381/; classtype:trojan-activity;sid:84297481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434378)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/kakakak/releases/download/dsfsdf/luma.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434378/; classtype:trojan-activity;sid:84297478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434379)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/jane/releases/download/capcut/xerox.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434379/; classtype:trojan-activity;sid:84297479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434380)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/gold/releases/download/ggggg/gold1111111111.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434380/; classtype:trojan-activity;sid:84297480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434376)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/2231231/releases/download/dsfsdf/out.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434376/; classtype:trojan-activity;sid:84297476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434377)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/jjj/releases/download/jkjkj/blogsrobert.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434377/; classtype:trojan-activity;sid:84297477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434375)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/zakaz10/releases/download/13erfes/cfqza.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434375/; classtype:trojan-activity;sid:84297475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434368)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique2/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434368/; classtype:trojan-activity;sid:84297468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434369)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/zalkazi/releases/download/dsfds/client1234.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434369/; classtype:trojan-activity;sid:84297469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434370)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/zakaz6/releases/download/zakaz6/lummac2.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434370/; classtype:trojan-activity;sid:84297470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434371)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/zakaz213/releases/download/fsdfsdf/file.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434371/; classtype:trojan-activity;sid:84297471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434372)"; flow:established,from_client; content:"GET"; http_method; content:"/test/exe/random.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434372/; classtype:trojan-activity;sid:84297472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434373)"; flow:established,from_client; content:"GET"; http_method; content:"/files/martin2/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434373/; classtype:trojan-activity;sid:84297473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434374)"; flow:established,from_client; content:"GET"; http_method; content:"/files/rast333a/random.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434374/; classtype:trojan-activity;sid:84297474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434367)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1453454495/fe36xbk.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434367/; classtype:trojan-activity;sid:84297467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434365)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5643377291/7fomotq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434365/; classtype:trojan-activity;sid:84297465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434366)"; flow:established,from_client; content:"GET"; http_method; content:"/files/asjduwgsgausi/random.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434366/; classtype:trojan-activity;sid:84297466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434364)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6838199981/ddfw6mj.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434364/; classtype:trojan-activity;sid:84297464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434359)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1506757897/b6v4rod.ps1"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434359/; classtype:trojan-activity;sid:84297459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434360)"; flow:established,from_client; content:"GET"; http_method; content:"/totallysafe.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"151.95.147.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434360/; classtype:trojan-activity;sid:84297460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434361)"; flow:established,from_client; content:"GET"; http_method; content:"/totallysafe2.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"151.95.147.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434361/; classtype:trojan-activity;sid:84297461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434362)"; flow:established,from_client; content:"GET"; http_method; content:"/totallysafe1.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"151.95.147.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434362/; classtype:trojan-activity;sid:84297462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434363)"; flow:established,from_client; content:"GET"; http_method; content:"/get-reverseshell/get-reverseshell.ps1"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"151.95.147.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434363/; classtype:trojan-activity;sid:84297463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434358)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/fsdfdsfds/releases/download/sdfsdfsfdfsd/lem.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434358/; classtype:trojan-activity;sid:84297458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434357)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/dffdsfdssdfsfd/releases/download/dsfdsffdsdsffsd/start-this-105.exe"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434357/; classtype:trojan-activity;sid:84297457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434355)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/fffff/releases/download/dfdf/furra.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434355/; classtype:trojan-activity;sid:84297455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434356)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/jsjdjd/releases/download/jdmdmd/main.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434356/; classtype:trojan-activity;sid:84297456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434352)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/sdfsdffsdfds/releases/download/kkkkk/furra.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434352/; classtype:trojan-activity;sid:84297452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434353)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/fdsfsdfdsffsd/releases/download/fsdfsdfsdf/start-this-822.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434353/; classtype:trojan-activity;sid:84297453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434354)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/kdksffsdfsdf/releases/download/asaawq/start-this-970.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434354/; classtype:trojan-activity;sid:84297454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434350)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/sffdsfdssdfdsff/releases/download/dsfdsfdfsdsfdsf/run.exe"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434350/; classtype:trojan-activity;sid:84297450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434351)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/fsdfsd/releases/download/dsfsdfsdfsdf/dropbox.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434351/; classtype:trojan-activity;sid:84297451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434348)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/lsldlld/releases/download/fdsfsdfsdfds/a.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434348/; classtype:trojan-activity;sid:84297448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434349)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/dsffdsfds/releases/download/fdsfdfsfds/zeusrowdy.clientsetup.exe"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434349/; classtype:trojan-activity;sid:84297449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434346)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/sdffdssdfdsf/releases/download/fsdfdsfds/windows.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434346/; classtype:trojan-activity;sid:84297446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434347)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/dfdf/releases/download/fdsfsdf/legalex.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434347/; classtype:trojan-activity;sid:84297447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434345)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/fdsfdsfdsfdfsdfds/releases/download/fdsfdsfdsdsfsfddsf/raveolli_crypted_lab.exe"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434345/; classtype:trojan-activity;sid:84297445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434342)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/asvsvvvv/releases/download/fssaffas/user.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434342/; classtype:trojan-activity;sid:84297442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434343)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/sdfdsffdsfds/releases/download/sdfdsdfsdsf/alllleeee.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434343/; classtype:trojan-activity;sid:84297443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434344)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/sdgsdggds/releases/download/sdfdsfdfsfdsdfsdfs/evoitk.filmora.exe"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434344/; classtype:trojan-activity;sid:84297444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434341)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/fdsfdsfdsfdsfds/releases/download/edsfsdfsdf/voice.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434341/; classtype:trojan-activity;sid:84297441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434340)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/dsfdsf/releases/download/dsffsdf/europe.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434340/; classtype:trojan-activity;sid:84297440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434339)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/dsfdfsdf/releases/download/fdsfdsfds/genvalobj.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434339/; classtype:trojan-activity;sid:84297439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434335)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/fddsfdsfdfds/releases/download/fdfsfddffsd/alex12312312321.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434335/; classtype:trojan-activity;sid:84297435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434336)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/sdgdsggds/releases/download/dsffdsfdsfsdd/install.exe"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434336/; classtype:trojan-activity;sid:84297436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434337)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/dsffsfdsfdsfds/releases/download/fsdfsdffsddfs/uniq12321112.exe"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434337/; classtype:trojan-activity;sid:84297437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434338)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/dfsfsdfsdf/releases/download/fsdfdsfdsf/leg.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434338/; classtype:trojan-activity;sid:84297438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434331)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/fsdfsdffs/releases/download/fsdfdsff/uniqwwww.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434331/; classtype:trojan-activity;sid:84297431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434332)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/dfsfsdfdsf/releases/download/fdssddssd/docjets.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434332/; classtype:trojan-activity;sid:84297432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434333)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/jdjdjdjdjd/releases/download/mdmdd/salimuyu.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434333/; classtype:trojan-activity;sid:84297433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434334)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/uniqusera/releases/download/jdkdkd/uniqusername.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434334/; classtype:trojan-activity;sid:84297434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434325)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/dsfdsffdsfsd/releases/download/sdfsdfsdffds/build.exe"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434325/; classtype:trojan-activity;sid:84297425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434326)"; flow:established,from_client; content:"GET"; http_method; content:"/ruxt5k.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434326/; classtype:trojan-activity;sid:84297426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.67.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434327/; classtype:trojan-activity;sid:84297427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434328)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/fdsfdsfdsfdsf/releases/download/fsdfffff/ssss4.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434328/; classtype:trojan-activity;sid:84297428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434329)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/sdffdsfdsfdsdfs/releases/download/fdsfdsfsdfdsfsd/server.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434329/; classtype:trojan-activity;sid:84297429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434330)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/kdsfkdsfkfdsdfs/releases/download/dsfgdfgsgsfgsgdf/build.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434330/; classtype:trojan-activity;sid:84297430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434321)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/fdsfdsfdsfdsfdsfffff/releases/download/fsdfssdfdfsdfs/owowooww.exe"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434321/; classtype:trojan-activity;sid:84297421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434322)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/hnhhhhhh/releases/download/slaldasladsladsl/boob.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434322/; classtype:trojan-activity;sid:84297422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434323)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/dsfsdfsdf/releases/download/sdfsdffdsdsf/universitiesge.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434323/; classtype:trojan-activity;sid:84297423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434324)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/fdsgdsggsd/releases/download/sdffddfsdsfsfd/infected7.exe"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434324/; classtype:trojan-activity;sid:84297424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.205.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434317/; classtype:trojan-activity;sid:84297417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434318)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.autistic.store"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434318/; classtype:trojan-activity;sid:84297418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434319/; classtype:trojan-activity;sid:84297419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434320)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/fdgfdg/releases/download/fdgdfgdg/goldik.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434320/; classtype:trojan-activity;sid:84297420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434316)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/dsfsdffsd/releases/download/dsffdsfdssdf/miki.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434316/; classtype:trojan-activity;sid:84297416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434315)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/de373d0df/a31546bf"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.100.157.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434315/; classtype:trojan-activity;sid:84297415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434314)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/kkkkk/releases/download/hhhhhh//xclient.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434314/; classtype:trojan-activity;sid:84297414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434312)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/chicket/releases/download/chicken/capcut-installer_ver22.313x64.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434312/; classtype:trojan-activity;sid:84297412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434313)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary6911331/java-test123/releases/download/java123/capcut-installer.exe.js"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434313/; classtype:trojan-activity;sid:84297413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.150.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434311/; classtype:trojan-activity;sid:84297411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.185.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434310/; classtype:trojan-activity;sid:84297410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.81.94"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434309/; classtype:trojan-activity;sid:84297409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.78.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434308/; classtype:trojan-activity;sid:84297408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.109.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434306/; classtype:trojan-activity;sid:84297406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.248.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434307/; classtype:trojan-activity;sid:84297407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.74.97.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434305/; classtype:trojan-activity;sid:84297405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.37.11.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434304/; classtype:trojan-activity;sid:84297404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.0.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434303/; classtype:trojan-activity;sid:84297403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.2.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434302/; classtype:trojan-activity;sid:84297402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.88.173.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434301/; classtype:trojan-activity;sid:84297401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.29.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434300/; classtype:trojan-activity;sid:84297400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.19.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434299/; classtype:trojan-activity;sid:84297399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.19.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434298/; classtype:trojan-activity;sid:84297398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.2.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434297/; classtype:trojan-activity;sid:84297397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.91.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434296/; classtype:trojan-activity;sid:84297396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.115.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434294/; classtype:trojan-activity;sid:84297394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.93.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434295/; classtype:trojan-activity;sid:84297395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.185.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434293/; classtype:trojan-activity;sid:84297393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.54.99.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434292/; classtype:trojan-activity;sid:84297392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434290)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"3.17.144.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434290/; classtype:trojan-activity;sid:84297390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.154.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434291/; classtype:trojan-activity;sid:84297391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.84.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434289/; classtype:trojan-activity;sid:84297389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.205.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434288/; classtype:trojan-activity;sid:84297388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.109.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434287/; classtype:trojan-activity;sid:84297387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.232.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434286/; classtype:trojan-activity;sid:84297386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434285)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.234.219.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434285/; classtype:trojan-activity;sid:84297385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.2.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434284/; classtype:trojan-activity;sid:84297384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.0.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434282/; classtype:trojan-activity;sid:84297382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.127.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434283/; classtype:trojan-activity;sid:84297383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.107.96.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434281/; classtype:trojan-activity;sid:84297381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.115.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434280/; classtype:trojan-activity;sid:84297380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.14.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434278/; classtype:trojan-activity;sid:84297378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.147.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434279/; classtype:trojan-activity;sid:84297379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.40.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434277/; classtype:trojan-activity;sid:84297377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.29.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434276/; classtype:trojan-activity;sid:84297376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.160.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434275/; classtype:trojan-activity;sid:84297375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.232.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434273/; classtype:trojan-activity;sid:84297373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.9.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434274/; classtype:trojan-activity;sid:84297374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.123.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434272/; classtype:trojan-activity;sid:84297372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.37.11.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434271/; classtype:trojan-activity;sid:84297371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.59.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434270/; classtype:trojan-activity;sid:84297370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.137.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434269/; classtype:trojan-activity;sid:84297369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.12.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434268/; classtype:trojan-activity;sid:84297368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.147.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434267/; classtype:trojan-activity;sid:84297367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.97.113.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434266/; classtype:trojan-activity;sid:84297366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.173.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434265/; classtype:trojan-activity;sid:84297365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434264/; classtype:trojan-activity;sid:84297364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.150.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434263/; classtype:trojan-activity;sid:84297363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.127.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434262/; classtype:trojan-activity;sid:84297362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.107.96.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434261/; classtype:trojan-activity;sid:84297361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.66.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434259/; classtype:trojan-activity;sid:84297359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.220.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434260/; classtype:trojan-activity;sid:84297360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.89.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434258/; classtype:trojan-activity;sid:84297358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.148.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434257/; classtype:trojan-activity;sid:84297357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434256)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.60.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434256/; classtype:trojan-activity;sid:84297356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434255/; classtype:trojan-activity;sid:84297355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.123.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434254/; classtype:trojan-activity;sid:84297354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.97.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434253/; classtype:trojan-activity;sid:84297353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.95.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434252/; classtype:trojan-activity;sid:84297352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.145.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434251/; classtype:trojan-activity;sid:84297351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.15.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434250/; classtype:trojan-activity;sid:84297350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.141.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434249/; classtype:trojan-activity;sid:84297349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.255.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434248/; classtype:trojan-activity;sid:84297348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434247/; classtype:trojan-activity;sid:84297347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.120.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434246/; classtype:trojan-activity;sid:84297346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.220.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434245/; classtype:trojan-activity;sid:84297345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.224.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434244/; classtype:trojan-activity;sid:84297344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434243/; classtype:trojan-activity;sid:84297343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.67.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434242/; classtype:trojan-activity;sid:84297342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.36.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434240/; classtype:trojan-activity;sid:84297340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434241)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434241/; classtype:trojan-activity;sid:84297341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.89.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434238/; classtype:trojan-activity;sid:84297338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.239.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434239/; classtype:trojan-activity;sid:84297339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.224.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434237/; classtype:trojan-activity;sid:84297337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.243.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434236/; classtype:trojan-activity;sid:84297336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.95.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434235/; classtype:trojan-activity;sid:84297335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.243.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434234/; classtype:trojan-activity;sid:84297334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.67.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434233/; classtype:trojan-activity;sid:84297333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434232)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434232/; classtype:trojan-activity;sid:84297332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.225.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434231/; classtype:trojan-activity;sid:84297331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.33.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434230/; classtype:trojan-activity;sid:84297330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.120.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434229/; classtype:trojan-activity;sid:84297329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.141.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434228/; classtype:trojan-activity;sid:84297328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.236.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434227/; classtype:trojan-activity;sid:84297327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.137.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434226/; classtype:trojan-activity;sid:84297326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.97.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434225/; classtype:trojan-activity;sid:84297325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.36.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434224/; classtype:trojan-activity;sid:84297324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.215.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434223/; classtype:trojan-activity;sid:84297323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.73.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434222/; classtype:trojan-activity;sid:84297322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434221)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.81.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434221/; classtype:trojan-activity;sid:84297321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.208.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434220/; classtype:trojan-activity;sid:84297320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.122.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434219/; classtype:trojan-activity;sid:84297319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.248.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434218/; classtype:trojan-activity;sid:84297318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.36.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434217/; classtype:trojan-activity;sid:84297317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434216)"; flow:established,from_client; content:"GET"; http_method; content:"/x/1sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"83.23.67.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434216/; classtype:trojan-activity;sid:84297316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.15.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434215/; classtype:trojan-activity;sid:84297315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.40.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434214/; classtype:trojan-activity;sid:84297314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.225.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434213/; classtype:trojan-activity;sid:84297313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.0.81"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434210/; classtype:trojan-activity;sid:84297310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.137.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434211/; classtype:trojan-activity;sid:84297311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.24.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434212/; classtype:trojan-activity;sid:84297312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.236.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434209/; classtype:trojan-activity;sid:84297309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.60.202.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434208/; classtype:trojan-activity;sid:84297308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.39.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434207/; classtype:trojan-activity;sid:84297307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.84.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434205/; classtype:trojan-activity;sid:84297305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.105.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434206/; classtype:trojan-activity;sid:84297306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.122.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434204/; classtype:trojan-activity;sid:84297304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.165.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434202/; classtype:trojan-activity;sid:84297302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.100.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434203/; classtype:trojan-activity;sid:84297303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.208.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434201/; classtype:trojan-activity;sid:84297301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.72.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434200/; classtype:trojan-activity;sid:84297300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.11.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434199/; classtype:trojan-activity;sid:84297299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.0.81"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434198/; classtype:trojan-activity;sid:84297298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.207.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434197/; classtype:trojan-activity;sid:84297297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434196/; classtype:trojan-activity;sid:84297296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.174.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434194/; classtype:trojan-activity;sid:84297294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434195/; classtype:trojan-activity;sid:84297295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.63.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434192/; classtype:trojan-activity;sid:84297292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.30.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434193/; classtype:trojan-activity;sid:84297293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.240.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434191/; classtype:trojan-activity;sid:84297291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.147.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434189/; classtype:trojan-activity;sid:84297289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.36.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434190/; classtype:trojan-activity;sid:84297290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434188)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.47.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434188/; classtype:trojan-activity;sid:84297288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.254.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434187/; classtype:trojan-activity;sid:84297287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434186/; classtype:trojan-activity;sid:84297286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.137.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434185/; classtype:trojan-activity;sid:84297285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.40.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434184/; classtype:trojan-activity;sid:84297284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.138.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434183/; classtype:trojan-activity;sid:84297283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.84.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434182/; classtype:trojan-activity;sid:84297282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.205.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434181/; classtype:trojan-activity;sid:84297281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.5.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434180/; classtype:trojan-activity;sid:84297280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.72.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434179/; classtype:trojan-activity;sid:84297279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.100.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434177/; classtype:trojan-activity;sid:84297277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434178/; classtype:trojan-activity;sid:84297278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.10.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434176/; classtype:trojan-activity;sid:84297276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.210.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434175/; classtype:trojan-activity;sid:84297275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.61.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434174/; classtype:trojan-activity;sid:84297274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.205.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434173/; classtype:trojan-activity;sid:84297273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434172/; classtype:trojan-activity;sid:84297272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.253.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434171/; classtype:trojan-activity;sid:84297271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.129.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434170/; classtype:trojan-activity;sid:84297270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.65.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434169/; classtype:trojan-activity;sid:84297269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.213.165.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434168/; classtype:trojan-activity;sid:84297268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.207.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434167/; classtype:trojan-activity;sid:84297267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.218.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434166/; classtype:trojan-activity;sid:84297266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.5.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434165/; classtype:trojan-activity;sid:84297265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.2.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434164/; classtype:trojan-activity;sid:84297264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.246.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434163/; classtype:trojan-activity;sid:84297263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.61.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434162/; classtype:trojan-activity;sid:84297262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.242.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434161/; classtype:trojan-activity;sid:84297261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434160/; classtype:trojan-activity;sid:84297260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.51.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434159/; classtype:trojan-activity;sid:84297259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.118.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434158/; classtype:trojan-activity;sid:84297258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.224.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434157/; classtype:trojan-activity;sid:84297257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434156)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.54.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434156/; classtype:trojan-activity;sid:84297256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434155)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.191.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434155/; classtype:trojan-activity;sid:84297255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.136.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434154/; classtype:trojan-activity;sid:84297254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.2.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434153/; classtype:trojan-activity;sid:84297253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.105.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434152/; classtype:trojan-activity;sid:84297252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.253.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434151/; classtype:trojan-activity;sid:84297251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434150/; classtype:trojan-activity;sid:84297250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.231.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434149/; classtype:trojan-activity;sid:84297249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.76.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434148/; classtype:trojan-activity;sid:84297248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.159.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434147/; classtype:trojan-activity;sid:84297247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.138.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434146/; classtype:trojan-activity;sid:84297246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.11.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434145/; classtype:trojan-activity;sid:84297245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.255.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434144/; classtype:trojan-activity;sid:84297244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.218.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434143/; classtype:trojan-activity;sid:84297243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.250.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434142/; classtype:trojan-activity;sid:84297242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434141/; classtype:trojan-activity;sid:84297241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.234.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434140/; classtype:trojan-activity;sid:84297240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.76.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434139/; classtype:trojan-activity;sid:84297239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.53.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434138/; classtype:trojan-activity;sid:84297238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.39.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434137/; classtype:trojan-activity;sid:84297237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.3.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434135/; classtype:trojan-activity;sid:84297235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.140.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434136/; classtype:trojan-activity;sid:84297236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.56.146.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434134/; classtype:trojan-activity;sid:84297234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.159.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434133/; classtype:trojan-activity;sid:84297233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.253.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434132/; classtype:trojan-activity;sid:84297232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.11.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434131/; classtype:trojan-activity;sid:84297231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.47.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434130/; classtype:trojan-activity;sid:84297230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.56.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434129/; classtype:trojan-activity;sid:84297229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434128/; classtype:trojan-activity;sid:84297228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.238.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434127/; classtype:trojan-activity;sid:84297227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.166.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434126/; classtype:trojan-activity;sid:84297226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.168.238.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434125/; classtype:trojan-activity;sid:84297225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434124)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.190.230.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434124/; classtype:trojan-activity;sid:84297224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.190.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434123/; classtype:trojan-activity;sid:84297223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.185.199.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434122/; classtype:trojan-activity;sid:84297222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.163.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434121/; classtype:trojan-activity;sid:84297221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.80.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434120/; classtype:trojan-activity;sid:84297220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.56.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434119/; classtype:trojan-activity;sid:84297219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.198.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434118/; classtype:trojan-activity;sid:84297218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434117/; classtype:trojan-activity;sid:84297217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.39.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434116/; classtype:trojan-activity;sid:84297216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.47.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434115/; classtype:trojan-activity;sid:84297215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.224.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434114/; classtype:trojan-activity;sid:84297214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.62.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434113/; classtype:trojan-activity;sid:84297213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.44.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434112/; classtype:trojan-activity;sid:84297212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.122.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434111/; classtype:trojan-activity;sid:84297211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.132.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434110/; classtype:trojan-activity;sid:84297210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.49.37.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434109/; classtype:trojan-activity;sid:84297209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.174.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434108/; classtype:trojan-activity;sid:84297208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.88.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434107/; classtype:trojan-activity;sid:84297207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.159.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434106/; classtype:trojan-activity;sid:84297206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434105/; classtype:trojan-activity;sid:84297205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.140.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434104/; classtype:trojan-activity;sid:84297204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.163.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434103/; classtype:trojan-activity;sid:84297203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.190.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434102/; classtype:trojan-activity;sid:84297202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.17.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434101/; classtype:trojan-activity;sid:84297201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.80.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434100/; classtype:trojan-activity;sid:84297200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.34.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434099/; classtype:trojan-activity;sid:84297199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.8.31.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434098/; classtype:trojan-activity;sid:84297198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.119.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434097/; classtype:trojan-activity;sid:84297197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.37.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434096/; classtype:trojan-activity;sid:84297196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.197.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434095/; classtype:trojan-activity;sid:84297195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.2.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434094/; classtype:trojan-activity;sid:84297194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.232.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434093/; classtype:trojan-activity;sid:84297193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.132.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434092/; classtype:trojan-activity;sid:84297192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.238.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434091/; classtype:trojan-activity;sid:84297191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.34.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434090/; classtype:trojan-activity;sid:84297190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.198.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434089/; classtype:trojan-activity;sid:84297189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.220.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434088/; classtype:trojan-activity;sid:84297188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.171.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434087/; classtype:trojan-activity;sid:84297187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.48.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434086/; classtype:trojan-activity;sid:84297186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.231.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434085/; classtype:trojan-activity;sid:84297185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.71.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434084/; classtype:trojan-activity;sid:84297184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.224.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434083/; classtype:trojan-activity;sid:84297183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.90.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434082/; classtype:trojan-activity;sid:84297182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.160.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434081/; classtype:trojan-activity;sid:84297181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.166.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434080/; classtype:trojan-activity;sid:84297180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.81.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434079/; classtype:trojan-activity;sid:84297179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.244.89.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434078/; classtype:trojan-activity;sid:84297178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.94.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434077/; classtype:trojan-activity;sid:84297177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.153.201.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434076/; classtype:trojan-activity;sid:84297176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.66.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434075/; classtype:trojan-activity;sid:84297175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.175.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434074/; classtype:trojan-activity;sid:84297174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.224.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434073/; classtype:trojan-activity;sid:84297173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.48.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434072/; classtype:trojan-activity;sid:84297172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.69.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434071/; classtype:trojan-activity;sid:84297171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.243.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434070/; classtype:trojan-activity;sid:84297170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.9.47.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434069/; classtype:trojan-activity;sid:84297169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.184.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434067/; classtype:trojan-activity;sid:84297167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.236.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434068/; classtype:trojan-activity;sid:84297168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.194.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434066/; classtype:trojan-activity;sid:84297166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434065/; classtype:trojan-activity;sid:84297165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.244.89.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434064/; classtype:trojan-activity;sid:84297164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.124.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434063/; classtype:trojan-activity;sid:84297163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.231.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434062/; classtype:trojan-activity;sid:84297162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.166.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434061/; classtype:trojan-activity;sid:84297161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.23.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434059/; classtype:trojan-activity;sid:84297159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.81.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434060/; classtype:trojan-activity;sid:84297160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.194.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434058/; classtype:trojan-activity;sid:84297158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.137.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434057/; classtype:trojan-activity;sid:84297157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.25.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434056/; classtype:trojan-activity;sid:84297156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.25.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434055/; classtype:trojan-activity;sid:84297155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.68.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434053/; classtype:trojan-activity;sid:84297153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.66.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434054/; classtype:trojan-activity;sid:84297154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.91.148.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434052/; classtype:trojan-activity;sid:84297152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.236.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434051/; classtype:trojan-activity;sid:84297151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.224.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434050/; classtype:trojan-activity;sid:84297150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.90.123.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434049/; classtype:trojan-activity;sid:84297149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.94.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434048/; classtype:trojan-activity;sid:84297148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.32.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434047/; classtype:trojan-activity;sid:84297147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.32.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434046/; classtype:trojan-activity;sid:84297146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.242.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434045/; classtype:trojan-activity;sid:84297145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.208.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434044/; classtype:trojan-activity;sid:84297144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.204.196.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434043/; classtype:trojan-activity;sid:84297143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.66.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434042/; classtype:trojan-activity;sid:84297142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.239.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434041/; classtype:trojan-activity;sid:84297141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.99.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434040/; classtype:trojan-activity;sid:84297140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.236.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434039/; classtype:trojan-activity;sid:84297139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.59.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434038/; classtype:trojan-activity;sid:84297138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.74.44.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434036/; classtype:trojan-activity;sid:84297136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.17.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434037/; classtype:trojan-activity;sid:84297137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.224.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434035/; classtype:trojan-activity;sid:84297135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434034/; classtype:trojan-activity;sid:84297134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.227.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434033/; classtype:trojan-activity;sid:84297133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.137.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434032/; classtype:trojan-activity;sid:84297132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.224.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434031/; classtype:trojan-activity;sid:84297131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.23.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434029/; classtype:trojan-activity;sid:84297129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.25.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434030/; classtype:trojan-activity;sid:84297130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.90.123.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434028/; classtype:trojan-activity;sid:84297128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434027/; classtype:trojan-activity;sid:84297127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.32.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434026/; classtype:trojan-activity;sid:84297126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.70.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434025/; classtype:trojan-activity;sid:84297125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.58.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434024/; classtype:trojan-activity;sid:84297124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434018)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434018/; classtype:trojan-activity;sid:84297118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434019)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434019/; classtype:trojan-activity;sid:84297119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434020)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.110.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434020/; classtype:trojan-activity;sid:84297120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.200.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434021/; classtype:trojan-activity;sid:84297121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.245.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434022/; classtype:trojan-activity;sid:84297122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.72.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434023/; classtype:trojan-activity;sid:84297123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.244.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434017/; classtype:trojan-activity;sid:84297117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434016)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.168.238.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434016/; classtype:trojan-activity;sid:84297116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434015)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.69.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434015/; classtype:trojan-activity;sid:84297115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434013)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.150.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434013/; classtype:trojan-activity;sid:84297113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434014)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.150.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434014/; classtype:trojan-activity;sid:84297114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.184.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434012/; classtype:trojan-activity;sid:84297112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.199.158.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434011/; classtype:trojan-activity;sid:84297111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.66.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434010/; classtype:trojan-activity;sid:84297110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.136.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434009/; classtype:trojan-activity;sid:84297109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.99.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434008/; classtype:trojan-activity;sid:84297108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.74.44.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3434007/; classtype:trojan-activity;sid:84297107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.32.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3434006/; classtype:trojan-activity;sid:84297106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.248.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3434005/; classtype:trojan-activity;sid:84297105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.140.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3434004/; classtype:trojan-activity;sid:84297104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.224.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3434003/; classtype:trojan-activity;sid:84297103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.188.178.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3434000/; classtype:trojan-activity;sid:84297100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3434001/; classtype:trojan-activity;sid:84297101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.143.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3434002/; classtype:trojan-activity;sid:84297102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.247.16.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433999/; classtype:trojan-activity;sid:84297099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.204.196.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433991/; classtype:trojan-activity;sid:84297091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.197.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433992/; classtype:trojan-activity;sid:84297092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.69.56.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433993/; classtype:trojan-activity;sid:84297093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433994)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.193.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433994/; classtype:trojan-activity;sid:84297094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.232.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433995/; classtype:trojan-activity;sid:84297095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.93.47.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433996/; classtype:trojan-activity;sid:84297096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.65.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433997/; classtype:trojan-activity;sid:84297097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433998)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.188.91.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433998/; classtype:trojan-activity;sid:84297098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433990/; classtype:trojan-activity;sid:84297090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433988)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.39.181.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433988/; classtype:trojan-activity;sid:84297088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.60.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433989/; classtype:trojan-activity;sid:84297089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.113.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433985/; classtype:trojan-activity;sid:84297085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433986)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"5.83.218.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433986/; classtype:trojan-activity;sid:84297086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.18.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433987/; classtype:trojan-activity;sid:84297087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.168.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433983/; classtype:trojan-activity;sid:84297083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.253.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433984/; classtype:trojan-activity;sid:84297084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.11.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433982/; classtype:trojan-activity;sid:84297082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.88.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433981/; classtype:trojan-activity;sid:84297081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.101.210.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433974/; classtype:trojan-activity;sid:84297074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.253.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433975/; classtype:trojan-activity;sid:84297075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.88.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433976/; classtype:trojan-activity;sid:84297076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.241.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433977/; classtype:trojan-activity;sid:84297077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.84.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433978/; classtype:trojan-activity;sid:84297078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.9.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433979/; classtype:trojan-activity;sid:84297079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.84.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433980/; classtype:trojan-activity;sid:84297080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.197.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433970/; classtype:trojan-activity;sid:84297070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.107.15.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433971/; classtype:trojan-activity;sid:84297071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.53.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433972/; classtype:trojan-activity;sid:84297072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.200.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433973/; classtype:trojan-activity;sid:84297073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433968/; classtype:trojan-activity;sid:84297068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.32.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433969/; classtype:trojan-activity;sid:84297069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433965)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.188.91.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433965/; classtype:trojan-activity;sid:84297065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.144.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433966/; classtype:trojan-activity;sid:84297066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.56.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433967/; classtype:trojan-activity;sid:84297067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433963)"; flow:established,from_client; content:"GET"; http_method; content:"/release/x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"66.63.187.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433963/; classtype:trojan-activity;sid:84297063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433964)"; flow:established,from_client; content:"GET"; http_method; content:"/release/mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"66.63.187.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433964/; classtype:trojan-activity;sid:84297064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.7.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433962/; classtype:trojan-activity;sid:84297062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.35.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433961/; classtype:trojan-activity;sid:84297061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.24.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433960/; classtype:trojan-activity;sid:84297060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.116.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433959/; classtype:trojan-activity;sid:84297059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433952/; classtype:trojan-activity;sid:84297052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433953)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.116.104.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433953/; classtype:trojan-activity;sid:84297053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433954)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.116.104.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433954/; classtype:trojan-activity;sid:84297054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433955)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.116.104.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433955/; classtype:trojan-activity;sid:84297055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.62.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433956/; classtype:trojan-activity;sid:84297056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.94.176.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433957/; classtype:trojan-activity;sid:84297057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.209.154.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433958/; classtype:trojan-activity;sid:84297058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.17.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433951/; classtype:trojan-activity;sid:84297051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433950)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.124.44.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433950/; classtype:trojan-activity;sid:84297050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433948/; classtype:trojan-activity;sid:84297048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.114.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433949/; classtype:trojan-activity;sid:84297049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.100.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433947/; classtype:trojan-activity;sid:84297047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.136.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433945/; classtype:trojan-activity;sid:84297045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433946/; classtype:trojan-activity;sid:84297046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.210.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433943/; classtype:trojan-activity;sid:84297043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.248.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433944/; classtype:trojan-activity;sid:84297044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.160.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433939/; classtype:trojan-activity;sid:84297039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.182.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433940/; classtype:trojan-activity;sid:84297040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.222.145.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433941/; classtype:trojan-activity;sid:84297041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.234.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433942/; classtype:trojan-activity;sid:84297042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.2.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433938/; classtype:trojan-activity;sid:84297038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.4.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433937/; classtype:trojan-activity;sid:84297037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.30.233"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433936/; classtype:trojan-activity;sid:84297036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.213.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433932/; classtype:trojan-activity;sid:84297032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433933/; classtype:trojan-activity;sid:84297033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.251.176.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433934/; classtype:trojan-activity;sid:84297034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.40.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433935/; classtype:trojan-activity;sid:84297035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433931/; classtype:trojan-activity;sid:84297031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.3.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433930/; classtype:trojan-activity;sid:84297030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.117.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433929/; classtype:trojan-activity;sid:84297029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433927)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"94.103.6.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433927/; classtype:trojan-activity;sid:84297027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433928)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"94.103.6.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433928/; classtype:trojan-activity;sid:84297028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.163.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433926/; classtype:trojan-activity;sid:84297026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.255.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433925/; classtype:trojan-activity;sid:84297025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.249.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433924/; classtype:trojan-activity;sid:84297024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433923/; classtype:trojan-activity;sid:84297023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.165.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433922/; classtype:trojan-activity;sid:84297022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.215.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433921/; classtype:trojan-activity;sid:84297021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.136.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433920/; classtype:trojan-activity;sid:84297020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.140.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433919/; classtype:trojan-activity;sid:84297019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.6.37"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433918/; classtype:trojan-activity;sid:84297018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.248.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433917/; classtype:trojan-activity;sid:84297017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.10.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433916/; classtype:trojan-activity;sid:84297016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.255.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433915/; classtype:trojan-activity;sid:84297015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433914/; classtype:trojan-activity;sid:84297014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.241.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433913/; classtype:trojan-activity;sid:84297013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.47.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433912/; classtype:trojan-activity;sid:84297012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.125.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433911/; classtype:trojan-activity;sid:84297011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.163.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433910/; classtype:trojan-activity;sid:84297010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.215.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433909/; classtype:trojan-activity;sid:84297009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.255.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433908/; classtype:trojan-activity;sid:84297008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433907/; classtype:trojan-activity;sid:84297007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.249.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433906/; classtype:trojan-activity;sid:84297006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.245.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433905/; classtype:trojan-activity;sid:84297005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.117.99.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433904/; classtype:trojan-activity;sid:84297004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.189.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433903/; classtype:trojan-activity;sid:84297003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.255.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433902/; classtype:trojan-activity;sid:84297002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.197.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433901/; classtype:trojan-activity;sid:84297001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433900/; classtype:trojan-activity;sid:84297000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433899/; classtype:trojan-activity;sid:84296999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.235.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433898/; classtype:trojan-activity;sid:84296998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.235.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433897/; classtype:trojan-activity;sid:84296997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.125.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433896/; classtype:trojan-activity;sid:84296996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.197.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433895/; classtype:trojan-activity;sid:84296995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.117.99.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433894/; classtype:trojan-activity;sid:84296994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.94.142.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433893/; classtype:trojan-activity;sid:84296993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.0.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433892/; classtype:trojan-activity;sid:84296992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.66.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433891/; classtype:trojan-activity;sid:84296991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433890)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.121.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433890/; classtype:trojan-activity;sid:84296990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.132.19.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433889/; classtype:trojan-activity;sid:84296989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.85.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433888/; classtype:trojan-activity;sid:84296988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.210.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433887/; classtype:trojan-activity;sid:84296987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.0.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433886/; classtype:trojan-activity;sid:84296986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.103.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433885/; classtype:trojan-activity;sid:84296985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.161.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433884/; classtype:trojan-activity;sid:84296984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.155.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433883/; classtype:trojan-activity;sid:84296983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.147.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433882/; classtype:trojan-activity;sid:84296982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.49.35.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433881/; classtype:trojan-activity;sid:84296981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.167.36.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433879/; classtype:trojan-activity;sid:84296979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.93.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433880/; classtype:trojan-activity;sid:84296980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.44.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433878/; classtype:trojan-activity;sid:84296978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.246.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433877/; classtype:trojan-activity;sid:84296977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.253.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433876/; classtype:trojan-activity;sid:84296976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.113.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433875/; classtype:trojan-activity;sid:84296975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.166.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433874/; classtype:trojan-activity;sid:84296974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.195.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433873/; classtype:trojan-activity;sid:84296973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433872/; classtype:trojan-activity;sid:84296972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.139.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433871/; classtype:trojan-activity;sid:84296971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.131.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433870/; classtype:trojan-activity;sid:84296970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.210.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433869/; classtype:trojan-activity;sid:84296969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.240.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433868/; classtype:trojan-activity;sid:84296968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.159.54.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433867/; classtype:trojan-activity;sid:84296967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.161.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433866/; classtype:trojan-activity;sid:84296966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.85.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433865/; classtype:trojan-activity;sid:84296965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.62.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433864/; classtype:trojan-activity;sid:84296964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.167.36.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433863/; classtype:trojan-activity;sid:84296963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.195.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433862/; classtype:trojan-activity;sid:84296962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.44.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433861/; classtype:trojan-activity;sid:84296961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.17.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433860/; classtype:trojan-activity;sid:84296960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.62.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433858/; classtype:trojan-activity;sid:84296958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.66.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433859/; classtype:trojan-activity;sid:84296959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433857)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.71.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433857/; classtype:trojan-activity;sid:84296957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.21.175.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433856/; classtype:trojan-activity;sid:84296956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.47.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433855/; classtype:trojan-activity;sid:84296955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.147.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433854/; classtype:trojan-activity;sid:84296954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.97.113.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433852/; classtype:trojan-activity;sid:84296952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.210.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433853/; classtype:trojan-activity;sid:84296953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.232.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433851/; classtype:trojan-activity;sid:84296951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.159.54.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433850/; classtype:trojan-activity;sid:84296950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.51.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433849/; classtype:trojan-activity;sid:84296949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.69.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433848/; classtype:trojan-activity;sid:84296948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.243.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433847/; classtype:trojan-activity;sid:84296947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.160.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433846/; classtype:trojan-activity;sid:84296946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.140.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433845/; classtype:trojan-activity;sid:84296945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.93.47.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433844/; classtype:trojan-activity;sid:84296944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.84.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433843/; classtype:trojan-activity;sid:84296943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.103.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433842/; classtype:trojan-activity;sid:84296942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433840)"; flow:established,from_client; content:"GET"; http_method; content:"/apps/bitcoin3000.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"104.236.203.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433840/; classtype:trojan-activity;sid:84296940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433838)"; flow:established,from_client; content:"GET"; http_method; content:"/apps/bitcoin3000.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"104.236.203.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433838/; classtype:trojan-activity;sid:84296938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433839)"; flow:established,from_client; content:"GET"; http_method; content:"/apps/bitcoin3000.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.55.122.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433839/; classtype:trojan-activity;sid:84296939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.180.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433837/; classtype:trojan-activity;sid:84296937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433836)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.160.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433836/; classtype:trojan-activity;sid:84296936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433835)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.250.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433835/; classtype:trojan-activity;sid:84296935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433834)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.51.17.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433834/; classtype:trojan-activity;sid:84296934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.70.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433833/; classtype:trojan-activity;sid:84296933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.103.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433832/; classtype:trojan-activity;sid:84296932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.232.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433831/; classtype:trojan-activity;sid:84296931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433830)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.8.237.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433830/; classtype:trojan-activity;sid:84296930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433829)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/transaction.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"konami.community"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433829/; classtype:trojan-activity;sid:84296929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.225.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433828/; classtype:trojan-activity;sid:84296928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433827)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433827/; classtype:trojan-activity;sid:84296927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.130.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433826/; classtype:trojan-activity;sid:84296926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.189.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433825/; classtype:trojan-activity;sid:84296925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.94.219.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433824/; classtype:trojan-activity;sid:84296924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.170.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433823/; classtype:trojan-activity;sid:84296923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.196.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433822/; classtype:trojan-activity;sid:84296922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433819)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/transaction.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.myticketbenefits.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433819/; classtype:trojan-activity;sid:84296919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433820)"; flow:established,from_client; content:"GET"; http_method; content:"/netskope_signup.docx.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"cochran.training"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433820/; classtype:trojan-activity;sid:84296920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433821)"; flow:established,from_client; content:"GET"; http_method; content:"/netskope_signup.docx.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.myticketbenefits.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433821/; classtype:trojan-activity;sid:84296921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433814)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/transaction.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"34.224.90.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433814/; classtype:trojan-activity;sid:84296914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433815)"; flow:established,from_client; content:"GET"; http_method; content:"/netskope_signup.docx.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"konami.community"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433815/; classtype:trojan-activity;sid:84296915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433816)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/transaction.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cochran.training"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433816/; classtype:trojan-activity;sid:84296916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433817)"; flow:established,from_client; content:"GET"; http_method; content:"/netskope_signup.docx.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"netskope.charity"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433817/; classtype:trojan-activity;sid:84296917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433818)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/transaction.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"netskope.charity"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433818/; classtype:trojan-activity;sid:84296918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433810)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/transaction.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"slack.codes"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433810/; classtype:trojan-activity;sid:84296910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433812)"; flow:established,from_client; content:"GET"; http_method; content:"/netskope_signup.docx.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"slack.codes"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433812/; classtype:trojan-activity;sid:84296912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433813)"; flow:established,from_client; content:"GET"; http_method; content:"/netskope_signup.docx.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"34.224.90.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433813/; classtype:trojan-activity;sid:84296913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.171.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433809/; classtype:trojan-activity;sid:84296909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.189.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433808/; classtype:trojan-activity;sid:84296908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433807)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.105.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433807/; classtype:trojan-activity;sid:84296907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.133.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433806/; classtype:trojan-activity;sid:84296906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.137.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433805/; classtype:trojan-activity;sid:84296905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.142.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433804/; classtype:trojan-activity;sid:84296904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.133.121.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433803/; classtype:trojan-activity;sid:84296903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.138.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433801/; classtype:trojan-activity;sid:84296901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.45.171.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433802/; classtype:trojan-activity;sid:84296902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.84.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433800/; classtype:trojan-activity;sid:84296900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.130.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433799/; classtype:trojan-activity;sid:84296899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.94.219.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433798/; classtype:trojan-activity;sid:84296898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.157.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433797/; classtype:trojan-activity;sid:84296897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.26.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433796/; classtype:trojan-activity;sid:84296896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.83.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433795/; classtype:trojan-activity;sid:84296895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.96.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433793/; classtype:trojan-activity;sid:84296893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.79.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433794/; classtype:trojan-activity;sid:84296894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433792/; classtype:trojan-activity;sid:84296892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.53.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433791/; classtype:trojan-activity;sid:84296891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.78.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433790/; classtype:trojan-activity;sid:84296890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.138.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433789/; classtype:trojan-activity;sid:84296889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.160.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433788/; classtype:trojan-activity;sid:84296888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433787)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.97.93.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433787/; classtype:trojan-activity;sid:84296887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433785)"; flow:established,from_client; content:"GET"; http_method; content:"/sex.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.137.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433785/; classtype:trojan-activity;sid:84296885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433786)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.137.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433786/; classtype:trojan-activity;sid:84296886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433784)"; flow:established,from_client; content:"GET"; http_method; content:"/arm61"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.137.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433784/; classtype:trojan-activity;sid:84296884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.227.57.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433783/; classtype:trojan-activity;sid:84296883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.191.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433782/; classtype:trojan-activity;sid:84296882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.235.218.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433781/; classtype:trojan-activity;sid:84296881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.57.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433780/; classtype:trojan-activity;sid:84296880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.131.92.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433778/; classtype:trojan-activity;sid:84296878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.79.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433779/; classtype:trojan-activity;sid:84296879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.228.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433777/; classtype:trojan-activity;sid:84296877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.1.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433776/; classtype:trojan-activity;sid:84296876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.114.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433775/; classtype:trojan-activity;sid:84296875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433771)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"phidev.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433771/; classtype:trojan-activity;sid:84296871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433772)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"phidev.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433772/; classtype:trojan-activity;sid:84296872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433773)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"phidev.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433773/; classtype:trojan-activity;sid:84296873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433774)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"phidev.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433774/; classtype:trojan-activity;sid:84296874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433769)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"phidev.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433769/; classtype:trojan-activity;sid:84296869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433770)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"phidev.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433770/; classtype:trojan-activity;sid:84296870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433767)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"phidev.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433767/; classtype:trojan-activity;sid:84296867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433768)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"phidev.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433768/; classtype:trojan-activity;sid:84296868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433764)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"phidev.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433764/; classtype:trojan-activity;sid:84296864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433765)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"phidev.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433765/; classtype:trojan-activity;sid:84296865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433766)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"phidev.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433766/; classtype:trojan-activity;sid:84296866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433762)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"phidev.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433762/; classtype:trojan-activity;sid:84296862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433763)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"phidev.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433763/; classtype:trojan-activity;sid:84296863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.26.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433761/; classtype:trojan-activity;sid:84296861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.90.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433759/; classtype:trojan-activity;sid:84296859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.174.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433760/; classtype:trojan-activity;sid:84296860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433758)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.14.233.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433758/; classtype:trojan-activity;sid:84296858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433757)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"61.14.233.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433757/; classtype:trojan-activity;sid:84296857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433756)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"61.14.233.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433756/; classtype:trojan-activity;sid:84296856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433753)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.14.233.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433753/; classtype:trojan-activity;sid:84296853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433754)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.14.233.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433754/; classtype:trojan-activity;sid:84296854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433755)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.14.233.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433755/; classtype:trojan-activity;sid:84296855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433748)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"61.14.233.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433748/; classtype:trojan-activity;sid:84296848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433749)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"61.14.233.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433749/; classtype:trojan-activity;sid:84296849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433750)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.14.233.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433750/; classtype:trojan-activity;sid:84296850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433751)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.14.233.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433751/; classtype:trojan-activity;sid:84296851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433752)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"61.14.233.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433752/; classtype:trojan-activity;sid:84296852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433746)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.14.233.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433746/; classtype:trojan-activity;sid:84296846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433747)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.14.233.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433747/; classtype:trojan-activity;sid:84296847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.58.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433745/; classtype:trojan-activity;sid:84296845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.235.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433744/; classtype:trojan-activity;sid:84296844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433743)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.191.245.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433743/; classtype:trojan-activity;sid:84296843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433731)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.191.245.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433731/; classtype:trojan-activity;sid:84296831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433732)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.191.245.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433732/; classtype:trojan-activity;sid:84296832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433733)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"160.191.245.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433733/; classtype:trojan-activity;sid:84296833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433734)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.191.245.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433734/; classtype:trojan-activity;sid:84296834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433735)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.191.245.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433735/; classtype:trojan-activity;sid:84296835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433736)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.191.245.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433736/; classtype:trojan-activity;sid:84296836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433737)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"160.191.245.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433737/; classtype:trojan-activity;sid:84296837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433738)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"160.191.245.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433738/; classtype:trojan-activity;sid:84296838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433739)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.191.245.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433739/; classtype:trojan-activity;sid:84296839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433740)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"160.191.245.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433740/; classtype:trojan-activity;sid:84296840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433741)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.191.245.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433741/; classtype:trojan-activity;sid:84296841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433742)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"160.191.245.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433742/; classtype:trojan-activity;sid:84296842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433728)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.191.245.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433728/; classtype:trojan-activity;sid:84296828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433729)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.191.245.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433729/; classtype:trojan-activity;sid:84296829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433730)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"160.191.245.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433730/; classtype:trojan-activity;sid:84296830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.82.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433727/; classtype:trojan-activity;sid:84296827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.13.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433726/; classtype:trojan-activity;sid:84296826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.60.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433725/; classtype:trojan-activity;sid:84296825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.45.171.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433724/; classtype:trojan-activity;sid:84296824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433722)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.233.237.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433722/; classtype:trojan-activity;sid:84296822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433723)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.233.237.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433723/; classtype:trojan-activity;sid:84296823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.157.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433721/; classtype:trojan-activity;sid:84296821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.228.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433720/; classtype:trojan-activity;sid:84296820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.57.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433719/; classtype:trojan-activity;sid:84296819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.1.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433718/; classtype:trojan-activity;sid:84296818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.54.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433717/; classtype:trojan-activity;sid:84296817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.1.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433716/; classtype:trojan-activity;sid:84296816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.7.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433715/; classtype:trojan-activity;sid:84296815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.187.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433714/; classtype:trojan-activity;sid:84296814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.1.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433712/; classtype:trojan-activity;sid:84296812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.114.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433713/; classtype:trojan-activity;sid:84296813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.57.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433711/; classtype:trojan-activity;sid:84296811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.166.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433710/; classtype:trojan-activity;sid:84296810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.54.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433709/; classtype:trojan-activity;sid:84296809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.157.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433708/; classtype:trojan-activity;sid:84296808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.9.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433707/; classtype:trojan-activity;sid:84296807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.58.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433706/; classtype:trojan-activity;sid:84296806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.77.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433705/; classtype:trojan-activity;sid:84296805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.202.234.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433704/; classtype:trojan-activity;sid:84296804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433703/; classtype:trojan-activity;sid:84296803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.90.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433702/; classtype:trojan-activity;sid:84296802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.43.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433701/; classtype:trojan-activity;sid:84296801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.236.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433699/; classtype:trojan-activity;sid:84296799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.43.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433700/; classtype:trojan-activity;sid:84296800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.251.2.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433698/; classtype:trojan-activity;sid:84296798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.11.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433697/; classtype:trojan-activity;sid:84296797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.54.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433696/; classtype:trojan-activity;sid:84296796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.205.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433695/; classtype:trojan-activity;sid:84296795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.209.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433694/; classtype:trojan-activity;sid:84296794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.8.2"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433693/; classtype:trojan-activity;sid:84296793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.148.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433692/; classtype:trojan-activity;sid:84296792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.54.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433691/; classtype:trojan-activity;sid:84296791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.77.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433690/; classtype:trojan-activity;sid:84296790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.251.2.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433689/; classtype:trojan-activity;sid:84296789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.90.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433688/; classtype:trojan-activity;sid:84296788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.241.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433687/; classtype:trojan-activity;sid:84296787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433686/; classtype:trojan-activity;sid:84296786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.236.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433685/; classtype:trojan-activity;sid:84296785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.94.193.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433684/; classtype:trojan-activity;sid:84296784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.43.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433683/; classtype:trojan-activity;sid:84296783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.96.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433682/; classtype:trojan-activity;sid:84296782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.8.2"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433681/; classtype:trojan-activity;sid:84296781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.17.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433680/; classtype:trojan-activity;sid:84296780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.209.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433679/; classtype:trojan-activity;sid:84296779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433678/; classtype:trojan-activity;sid:84296778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.43.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433677/; classtype:trojan-activity;sid:84296777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.14.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433676/; classtype:trojan-activity;sid:84296776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.130.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433675/; classtype:trojan-activity;sid:84296775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.53.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433674/; classtype:trojan-activity;sid:84296774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.204.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433673/; classtype:trojan-activity;sid:84296773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.42.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433672/; classtype:trojan-activity;sid:84296772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.103.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433671/; classtype:trojan-activity;sid:84296771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.156.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433670/; classtype:trojan-activity;sid:84296770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.21.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433666/; classtype:trojan-activity;sid:84296766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433667/; classtype:trojan-activity;sid:84296767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433668)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433668/; classtype:trojan-activity;sid:84296768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.191.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433669/; classtype:trojan-activity;sid:84296769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433665/; classtype:trojan-activity;sid:84296765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433663/; classtype:trojan-activity;sid:84296763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.96.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433664/; classtype:trojan-activity;sid:84296764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.55.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433662/; classtype:trojan-activity;sid:84296762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.98.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433661/; classtype:trojan-activity;sid:84296761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.16.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433660/; classtype:trojan-activity;sid:84296760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.74.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433658/; classtype:trojan-activity;sid:84296758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.71.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433659/; classtype:trojan-activity;sid:84296759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433657)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.111.185.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433657/; classtype:trojan-activity;sid:84296757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.234.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433655/; classtype:trojan-activity;sid:84296755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.96.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433656/; classtype:trojan-activity;sid:84296756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.15.55.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433654/; classtype:trojan-activity;sid:84296754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.45.56.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433653/; classtype:trojan-activity;sid:84296753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433652/; classtype:trojan-activity;sid:84296752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.113.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433651/; classtype:trojan-activity;sid:84296751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.14.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433650/; classtype:trojan-activity;sid:84296750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.131.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433649/; classtype:trojan-activity;sid:84296749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.160.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433648/; classtype:trojan-activity;sid:84296748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.130.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433647/; classtype:trojan-activity;sid:84296747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.213.165.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433645/; classtype:trojan-activity;sid:84296745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.204.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433646/; classtype:trojan-activity;sid:84296746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.47.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433644/; classtype:trojan-activity;sid:84296744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.26.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433643/; classtype:trojan-activity;sid:84296743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.21.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433642/; classtype:trojan-activity;sid:84296742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.152.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433641/; classtype:trojan-activity;sid:84296741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.0.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433640/; classtype:trojan-activity;sid:84296740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.35.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433639/; classtype:trojan-activity;sid:84296739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433638)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.233.237.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433638/; classtype:trojan-activity;sid:84296738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.45.56.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433637/; classtype:trojan-activity;sid:84296737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.159.142.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433636/; classtype:trojan-activity;sid:84296736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.153.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433634/; classtype:trojan-activity;sid:84296734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.96.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433635/; classtype:trojan-activity;sid:84296735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.239.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433633/; classtype:trojan-activity;sid:84296733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.234.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433632/; classtype:trojan-activity;sid:84296732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433631)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.129.238.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433631/; classtype:trojan-activity;sid:84296731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433630)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.129.238.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433630/; classtype:trojan-activity;sid:84296730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433629)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.129.238.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433629/; classtype:trojan-activity;sid:84296729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433627)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.106.217.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433627/; classtype:trojan-activity;sid:84296727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433628)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.106.217.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433628/; classtype:trojan-activity;sid:84296728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433624)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.176.22.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433624/; classtype:trojan-activity;sid:84296724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433625)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.178.149.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433625/; classtype:trojan-activity;sid:84296725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433626)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.176.22.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433626/; classtype:trojan-activity;sid:84296726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433623)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.106.217.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433623/; classtype:trojan-activity;sid:84296723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433619)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.119.32.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433619/; classtype:trojan-activity;sid:84296719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433620)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.119.32.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433620/; classtype:trojan-activity;sid:84296720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433621)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.176.22.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433621/; classtype:trojan-activity;sid:84296721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433622)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.178.149.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433622/; classtype:trojan-activity;sid:84296722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433618)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.133.72.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433618/; classtype:trojan-activity;sid:84296718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433617)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433617/; classtype:trojan-activity;sid:84296717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433616)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433616/; classtype:trojan-activity;sid:84296716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433614)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.119.32.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433614/; classtype:trojan-activity;sid:84296714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433615)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.178.149.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433615/; classtype:trojan-activity;sid:84296715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433613)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.178.149.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433613/; classtype:trojan-activity;sid:84296713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433608)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.176.22.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433608/; classtype:trojan-activity;sid:84296708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433609)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.129.238.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433609/; classtype:trojan-activity;sid:84296709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433610)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.129.238.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433610/; classtype:trojan-activity;sid:84296710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433611)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.106.217.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433611/; classtype:trojan-activity;sid:84296711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433612)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.106.217.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433612/; classtype:trojan-activity;sid:84296712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433602)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.176.22.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433602/; classtype:trojan-activity;sid:84296702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433603)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.178.149.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433603/; classtype:trojan-activity;sid:84296703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433604)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.176.22.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433604/; classtype:trojan-activity;sid:84296704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433605)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.129.238.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433605/; classtype:trojan-activity;sid:84296705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433606)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.106.217.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433606/; classtype:trojan-activity;sid:84296706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433607)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.178.149.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433607/; classtype:trojan-activity;sid:84296707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433596)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433596/; classtype:trojan-activity;sid:84296696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433597)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.119.32.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433597/; classtype:trojan-activity;sid:84296697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433598)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.133.72.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433598/; classtype:trojan-activity;sid:84296698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433599)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.119.32.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433599/; classtype:trojan-activity;sid:84296699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433600)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.119.32.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433600/; classtype:trojan-activity;sid:84296700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.21.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433601/; classtype:trojan-activity;sid:84296701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433592)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433592/; classtype:trojan-activity;sid:84296692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433593)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"221.236.125.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433593/; classtype:trojan-activity;sid:84296693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433594)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"221.236.125.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433594/; classtype:trojan-activity;sid:84296694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433595)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"221.236.125.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433595/; classtype:trojan-activity;sid:84296695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.225.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433591/; classtype:trojan-activity;sid:84296691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.29.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433590/; classtype:trojan-activity;sid:84296690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.121.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433589/; classtype:trojan-activity;sid:84296689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433588)"; flow:established,from_client; content:"GET"; http_method; content:"/g.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"kvndbb3.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433588/; classtype:trojan-activity;sid:84296688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.47.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433587/; classtype:trojan-activity;sid:84296687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.159.142.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433586/; classtype:trojan-activity;sid:84296686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.153.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433585/; classtype:trojan-activity;sid:84296685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.231.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433584/; classtype:trojan-activity;sid:84296684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.23.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433583/; classtype:trojan-activity;sid:84296683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.21.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433582/; classtype:trojan-activity;sid:84296682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433581/; classtype:trojan-activity;sid:84296681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.4.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433580/; classtype:trojan-activity;sid:84296680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.243.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433579/; classtype:trojan-activity;sid:84296679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.146.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433578/; classtype:trojan-activity;sid:84296678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.82.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433577/; classtype:trojan-activity;sid:84296677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433575)"; flow:established,from_client; content:"GET"; http_method; content:"/bjxzdhdoyvjbnkhua56.bin"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"195.211.190.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433575/; classtype:trojan-activity;sid:84296675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433576)"; flow:established,from_client; content:"GET"; http_method; content:"/zxgaevgfqskwwbwrhspxsjdbkl247.bin"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"195.211.190.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433576/; classtype:trojan-activity;sid:84296676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.217.187.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433574/; classtype:trojan-activity;sid:84296674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.31.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433573/; classtype:trojan-activity;sid:84296673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.246.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433572/; classtype:trojan-activity;sid:84296672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.77.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433571/; classtype:trojan-activity;sid:84296671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.146.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433570/; classtype:trojan-activity;sid:84296670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433568)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.85.251.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433568/; classtype:trojan-activity;sid:84296668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.238.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433569/; classtype:trojan-activity;sid:84296669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433563)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"194.85.251.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433563/; classtype:trojan-activity;sid:84296663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433564)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"194.85.251.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433564/; classtype:trojan-activity;sid:84296664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433565)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"194.85.251.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433565/; classtype:trojan-activity;sid:84296665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433566)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"194.85.251.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433566/; classtype:trojan-activity;sid:84296666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433567)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"194.85.251.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433567/; classtype:trojan-activity;sid:84296667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433556)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"194.85.251.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433556/; classtype:trojan-activity;sid:84296656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433557)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"194.85.251.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433557/; classtype:trojan-activity;sid:84296657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433558)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"194.85.251.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433558/; classtype:trojan-activity;sid:84296658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433559)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"194.85.251.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433559/; classtype:trojan-activity;sid:84296659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433560)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"194.85.251.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433560/; classtype:trojan-activity;sid:84296660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433561)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"194.85.251.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433561/; classtype:trojan-activity;sid:84296661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433562)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"194.85.251.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433562/; classtype:trojan-activity;sid:84296662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.203.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433555/; classtype:trojan-activity;sid:84296655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.243.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433554/; classtype:trojan-activity;sid:84296654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.254.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433552/; classtype:trojan-activity;sid:84296652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.154.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433553/; classtype:trojan-activity;sid:84296653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.26.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433551/; classtype:trojan-activity;sid:84296651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.77.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433550/; classtype:trojan-activity;sid:84296650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.78.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433549/; classtype:trojan-activity;sid:84296649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.31.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433548/; classtype:trojan-activity;sid:84296648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.129.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433547/; classtype:trojan-activity;sid:84296647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"169.224.101.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433546/; classtype:trojan-activity;sid:84296646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.103.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433545/; classtype:trojan-activity;sid:84296645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.218.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433544/; classtype:trojan-activity;sid:84296644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.175.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433543/; classtype:trojan-activity;sid:84296643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.203.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433542/; classtype:trojan-activity;sid:84296642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.9.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433540/; classtype:trojan-activity;sid:84296640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.94.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433541/; classtype:trojan-activity;sid:84296641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433539/; classtype:trojan-activity;sid:84296639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.175.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433538/; classtype:trojan-activity;sid:84296638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433537)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"194.85.251.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433537/; classtype:trojan-activity;sid:84296637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.254.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433536/; classtype:trojan-activity;sid:84296636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.9.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433535/; classtype:trojan-activity;sid:84296635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.76.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433534/; classtype:trojan-activity;sid:84296634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433533)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.131.92.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433533/; classtype:trojan-activity;sid:84296633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.169.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433532/; classtype:trojan-activity;sid:84296632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.114.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433531/; classtype:trojan-activity;sid:84296631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.23.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433530/; classtype:trojan-activity;sid:84296630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.11.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433529/; classtype:trojan-activity;sid:84296629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.245.2.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433528/; classtype:trojan-activity;sid:84296628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.9.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433527/; classtype:trojan-activity;sid:84296627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.92.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433526/; classtype:trojan-activity;sid:84296626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.136.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433525/; classtype:trojan-activity;sid:84296625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433524)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433524/; classtype:trojan-activity;sid:84296624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.76.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433523/; classtype:trojan-activity;sid:84296623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.146.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433522/; classtype:trojan-activity;sid:84296622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433521)"; flow:established,from_client; content:"GET"; http_method; content:"/lem.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"yodartustteam.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433521/; classtype:trojan-activity;sid:84296621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.47.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433520/; classtype:trojan-activity;sid:84296620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.79.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433519/; classtype:trojan-activity;sid:84296619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.90.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433518/; classtype:trojan-activity;sid:84296618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.146.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433517/; classtype:trojan-activity;sid:84296617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433516)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.90.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433516/; classtype:trojan-activity;sid:84296616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.90.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433515/; classtype:trojan-activity;sid:84296615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.26.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433514/; classtype:trojan-activity;sid:84296614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.12.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433513/; classtype:trojan-activity;sid:84296613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.86.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433512/; classtype:trojan-activity;sid:84296612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433511/; classtype:trojan-activity;sid:84296611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.66.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433510/; classtype:trojan-activity;sid:84296610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.78.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433509/; classtype:trojan-activity;sid:84296609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.43.170.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433507/; classtype:trojan-activity;sid:84296607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.153.214.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433508/; classtype:trojan-activity;sid:84296608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433506/; classtype:trojan-activity;sid:84296606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.104.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433505/; classtype:trojan-activity;sid:84296605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.30.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433504/; classtype:trojan-activity;sid:84296604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.196.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433503/; classtype:trojan-activity;sid:84296603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.236.227.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433502/; classtype:trojan-activity;sid:84296602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.51.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433501/; classtype:trojan-activity;sid:84296601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.183.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433500/; classtype:trojan-activity;sid:84296600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.69.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433499/; classtype:trojan-activity;sid:84296599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.47.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433498/; classtype:trojan-activity;sid:84296598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433497/; classtype:trojan-activity;sid:84296597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.180.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433494/; classtype:trojan-activity;sid:84296594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.15.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433495/; classtype:trojan-activity;sid:84296595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.1.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433496/; classtype:trojan-activity;sid:84296596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.174.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433493/; classtype:trojan-activity;sid:84296593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433492)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.233.237.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433492/; classtype:trojan-activity;sid:84296592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.30.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433491/; classtype:trojan-activity;sid:84296591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.134.132.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433490/; classtype:trojan-activity;sid:84296590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.86.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433489/; classtype:trojan-activity;sid:84296589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.72.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433488/; classtype:trojan-activity;sid:84296588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.104.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433487/; classtype:trojan-activity;sid:84296587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.66.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433486/; classtype:trojan-activity;sid:84296586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433485/; classtype:trojan-activity;sid:84296585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.196.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433484/; classtype:trojan-activity;sid:84296584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433481)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.62.226.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433481/; classtype:trojan-activity;sid:84296581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433482)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.62.226.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433482/; classtype:trojan-activity;sid:84296582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433483)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.62.226.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433483/; classtype:trojan-activity;sid:84296583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.221.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433480/; classtype:trojan-activity;sid:84296580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.173.72.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433479/; classtype:trojan-activity;sid:84296579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.51.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433478/; classtype:trojan-activity;sid:84296578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433477)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/r8cmk3xdjwpf0p4/wvff.pdf/file"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433477/; classtype:trojan-activity;sid:84296577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.80.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433476/; classtype:trojan-activity;sid:84296576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433474)"; flow:established,from_client; content:"GET"; http_method; content:"/guba.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"connect-cdn-api.tastinessrebaterunny.shop"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433474/; classtype:trojan-activity;sid:84296574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433475)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/n0mtrwx8bmk91qg/efzburbiic.mp3/file"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433475/; classtype:trojan-activity;sid:84296575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433471)"; flow:established,from_client; content:"GET"; http_method; content:"/ziba.map"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"connect-cdn-api.tastinessrebaterunny.shop"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433471/; classtype:trojan-activity;sid:84296571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433472)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/bzkhqj3zqh8jeiw/eqikd.wav/file"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433472/; classtype:trojan-activity;sid:84296572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433473)"; flow:established,from_client; content:"GET"; http_method; content:"/ruba.bpl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"connect-cdn-api.tastinessrebaterunny.shop"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433473/; classtype:trojan-activity;sid:84296573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433470)"; flow:established,from_client; content:"GET"; http_method; content:"/5n0wwuwk3d"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"nopaste.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433470/; classtype:trojan-activity;sid:84296570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433469)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.229.233.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433469/; classtype:trojan-activity;sid:84296569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433467)"; flow:established,from_client; content:"GET"; http_method; content:"/31gmoyufdi"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"nopaste.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433467/; classtype:trojan-activity;sid:84296567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433468)"; flow:established,from_client; content:"GET"; http_method; content:"/gffvm8slzb"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"nopaste.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433468/; classtype:trojan-activity;sid:84296568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433466)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1333756286604677186/1338089263211741214/13_-cotemporanean-waterbrose-9011.zip|3f|ex=67a9d03c|7c|26|7c|is=67a87ebc|7c|26|7c|hm=5ec4d25ab35d6fed3262de81b996f4f8a06fad4d7085e91667330c21d13238e4|7c|26|7c|"; http_uri; depth:213; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433466/; classtype:trojan-activity;sid:84296566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433465)"; flow:established,from_client; content:"GET"; http_method; content:"/fc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"156.229.233.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433465/; classtype:trojan-activity;sid:84296565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.161.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433464/; classtype:trojan-activity;sid:84296564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.134.132.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433463/; classtype:trojan-activity;sid:84296563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.216.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433462/; classtype:trojan-activity;sid:84296562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.124.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433461/; classtype:trojan-activity;sid:84296561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433460/; classtype:trojan-activity;sid:84296560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.25.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433459/; classtype:trojan-activity;sid:84296559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.62.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433458/; classtype:trojan-activity;sid:84296558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.83.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433457/; classtype:trojan-activity;sid:84296557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.81.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433456/; classtype:trojan-activity;sid:84296556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.221.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433455/; classtype:trojan-activity;sid:84296555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.161.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433454/; classtype:trojan-activity;sid:84296554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.114.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433453/; classtype:trojan-activity;sid:84296553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.209.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433452/; classtype:trojan-activity;sid:84296552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.65.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433451/; classtype:trojan-activity;sid:84296551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.109.237.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433450/; classtype:trojan-activity;sid:84296550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433449)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gang123isgodloluaintgettingthesebinslikedammwtf.ppc"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"3b5s.supermariocoin1.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433449/; classtype:trojan-activity;sid:84296549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433448)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gang123isgodloluaintgettingthesebinslikedammwtf.m68k"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"3b5s.supermariocoin1.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433448/; classtype:trojan-activity;sid:84296548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433440)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gang123isgodloluaintgettingthesebinslikedammwtf.arm6"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"3b5s.supermariocoin1.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433440/; classtype:trojan-activity;sid:84296540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433441)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gang123isgodloluaintgettingthesebinslikedammwtf.arm"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"3b5s.supermariocoin1.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433441/; classtype:trojan-activity;sid:84296541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433442)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gang123isgodloluaintgettingthesebinslikedammwtf.mips"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"3b5s.supermariocoin1.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433442/; classtype:trojan-activity;sid:84296542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433443)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gang123isgodloluaintgettingthesebinslikedammwtf.sh4"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"3b5s.supermariocoin1.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433443/; classtype:trojan-activity;sid:84296543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433444)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gang123isgodloluaintgettingthesebinslikedammwtf.spc"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"3b5s.supermariocoin1.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433444/; classtype:trojan-activity;sid:84296544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433445)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gang123isgodloluaintgettingthesebinslikedammwtf.arm7"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"3b5s.supermariocoin1.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433445/; classtype:trojan-activity;sid:84296545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433446)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gang123isgodloluaintgettingthesebinslikedammwtf.x86"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"3b5s.supermariocoin1.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433446/; classtype:trojan-activity;sid:84296546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433447)"; flow:established,from_client; content:"GET"; http_method; content:"/8usa.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"3b5s.supermariocoin1.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433447/; classtype:trojan-activity;sid:84296547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433439)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gang123isgodloluaintgettingthesebinslikedammwtf.arm5"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"3b5s.supermariocoin1.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433439/; classtype:trojan-activity;sid:84296539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433438)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gang123isgodloluaintgettingthesebinslikedammwtf.mpsl"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"3b5s.supermariocoin1.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433438/; classtype:trojan-activity;sid:84296538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.36.23.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433437/; classtype:trojan-activity;sid:84296537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.110.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433434/; classtype:trojan-activity;sid:84296534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.236.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433433/; classtype:trojan-activity;sid:84296533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.75.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433432/; classtype:trojan-activity;sid:84296532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.2.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433431/; classtype:trojan-activity;sid:84296531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433430)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gang123isgodloluaintgettingthesebinslikedammwtf.x86"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"89.32.41.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433430/; classtype:trojan-activity;sid:84296530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433428)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gang123isgodloluaintgettingthesebinslikedammwtf.arm7"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"89.32.41.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433428/; classtype:trojan-activity;sid:84296528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.209.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433429/; classtype:trojan-activity;sid:84296529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433427)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gang123isgodloluaintgettingthesebinslikedammwtf.ppc"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"89.32.41.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433427/; classtype:trojan-activity;sid:84296527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433426)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gang123isgodloluaintgettingthesebinslikedammwtf.arm5"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"89.32.41.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433426/; classtype:trojan-activity;sid:84296526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433425)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gang123isgodloluaintgettingthesebinslikedammwtf.sh4"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"89.32.41.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433425/; classtype:trojan-activity;sid:84296525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433417)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gang123isgodloluaintgettingthesebinslikedammwtf.m68k"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"89.32.41.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433417/; classtype:trojan-activity;sid:84296517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433418)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gang123isgodloluaintgettingthesebinslikedammwtf.mips"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"89.32.41.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433418/; classtype:trojan-activity;sid:84296518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433419)"; flow:established,from_client; content:"GET"; http_method; content:"/8usa.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"89.32.41.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433419/; classtype:trojan-activity;sid:84296519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433420)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gang123isgodloluaintgettingthesebinslikedammwtf.mpsl"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"89.32.41.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433420/; classtype:trojan-activity;sid:84296520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433421)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gang123isgodloluaintgettingthesebinslikedammwtf.arm"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"89.32.41.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433421/; classtype:trojan-activity;sid:84296521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433422)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gang123isgodloluaintgettingthesebinslikedammwtf.arm6"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"89.32.41.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433422/; classtype:trojan-activity;sid:84296522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433423)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gang123isgodloluaintgettingthesebinslikedammwtf.spc"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"89.32.41.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433423/; classtype:trojan-activity;sid:84296523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.236.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433424/; classtype:trojan-activity;sid:84296524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"140.237.7.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433416/; classtype:trojan-activity;sid:84296516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433411)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.158.244.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433411/; classtype:trojan-activity;sid:84296511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433412)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.158.244.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433412/; classtype:trojan-activity;sid:84296512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433413)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.158.244.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433413/; classtype:trojan-activity;sid:84296513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433414)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.158.244.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433414/; classtype:trojan-activity;sid:84296514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433415)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.158.244.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433415/; classtype:trojan-activity;sid:84296515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433403)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.158.244.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433403/; classtype:trojan-activity;sid:84296503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433404)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"nifty-ishizaka.94-158-244-103.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433404/; classtype:trojan-activity;sid:84296504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433405)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"nifty-ishizaka.94-158-244-103.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433405/; classtype:trojan-activity;sid:84296505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433406)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.158.244.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433406/; classtype:trojan-activity;sid:84296506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433407)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"nifty-ishizaka.94-158-244-103.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433407/; classtype:trojan-activity;sid:84296507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433408)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.158.244.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433408/; classtype:trojan-activity;sid:84296508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433409)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"nifty-ishizaka.94-158-244-103.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433409/; classtype:trojan-activity;sid:84296509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433410)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"nifty-ishizaka.94-158-244-103.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433410/; classtype:trojan-activity;sid:84296510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433394)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"nifty-ishizaka.94-158-244-103.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433394/; classtype:trojan-activity;sid:84296494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433395)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"nifty-ishizaka.94-158-244-103.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433395/; classtype:trojan-activity;sid:84296495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433396)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"nifty-ishizaka.94-158-244-103.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433396/; classtype:trojan-activity;sid:84296496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433397)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"nifty-ishizaka.94-158-244-103.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433397/; classtype:trojan-activity;sid:84296497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433398)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.158.244.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433398/; classtype:trojan-activity;sid:84296498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433399)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"nifty-ishizaka.94-158-244-103.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433399/; classtype:trojan-activity;sid:84296499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433400)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"nifty-ishizaka.94-158-244-103.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433400/; classtype:trojan-activity;sid:84296500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433401)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.158.244.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433401/; classtype:trojan-activity;sid:84296501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433402)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.158.244.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433402/; classtype:trojan-activity;sid:84296502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433393)"; flow:established,from_client; content:"GET"; http_method; content:"/jackmyass.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"165.154.224.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433393/; classtype:trojan-activity;sid:84296493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.18.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433392/; classtype:trojan-activity;sid:84296492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433391)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"165.154.224.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433391/; classtype:trojan-activity;sid:84296491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.81.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433390/; classtype:trojan-activity;sid:84296490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.85.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433389/; classtype:trojan-activity;sid:84296489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433388)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.189.1.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433388/; classtype:trojan-activity;sid:84296488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.182.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433387/; classtype:trojan-activity;sid:84296487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433378)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.189.1.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433378/; classtype:trojan-activity;sid:84296478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433379)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.189.1.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433379/; classtype:trojan-activity;sid:84296479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433380)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.189.1.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433380/; classtype:trojan-activity;sid:84296480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433381)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.189.1.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433381/; classtype:trojan-activity;sid:84296481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433382)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.189.1.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433382/; classtype:trojan-activity;sid:84296482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433383)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.189.1.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433383/; classtype:trojan-activity;sid:84296483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433384)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.189.1.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433384/; classtype:trojan-activity;sid:84296484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433385)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.189.1.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433385/; classtype:trojan-activity;sid:84296485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433386)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.189.1.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433386/; classtype:trojan-activity;sid:84296486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433377/; classtype:trojan-activity;sid:84296477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.241.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433376/; classtype:trojan-activity;sid:84296476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.26.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433375/; classtype:trojan-activity;sid:84296475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433374/; classtype:trojan-activity;sid:84296474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433373)"; flow:established,from_client; content:"GET"; http_method; content:"/systoolsvcardconvertersetup.msi"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"77.105.161.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433373/; classtype:trojan-activity;sid:84296473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.129.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433371/; classtype:trojan-activity;sid:84296471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.14.65"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433372/; classtype:trojan-activity;sid:84296472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.85.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433370/; classtype:trojan-activity;sid:84296470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433369)"; flow:established,from_client; content:"GET"; http_method; content:"/captcha.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"77.105.161.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433369/; classtype:trojan-activity;sid:84296469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"140.237.7.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433368/; classtype:trojan-activity;sid:84296468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.15.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433367/; classtype:trojan-activity;sid:84296467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.18.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433366/; classtype:trojan-activity;sid:84296466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433365)"; flow:established,from_client; content:"GET"; http_method; content:"/best/new/rechnung"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kieudjrie.live"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433365/; classtype:trojan-activity;sid:84296465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.80.160.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433364/; classtype:trojan-activity;sid:84296464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.196.122.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433363/; classtype:trojan-activity;sid:84296463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.236.157.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433359/; classtype:trojan-activity;sid:84296459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.40.242.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433360/; classtype:trojan-activity;sid:84296460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.27.94.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433361/; classtype:trojan-activity;sid:84296461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.77.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433362/; classtype:trojan-activity;sid:84296462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.231.165.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433358/; classtype:trojan-activity;sid:84296458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.238.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433350/; classtype:trojan-activity;sid:84296450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.36.248.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433351/; classtype:trojan-activity;sid:84296451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.74.151.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433352/; classtype:trojan-activity;sid:84296452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.96.251.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433353/; classtype:trojan-activity;sid:84296453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.63.5.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433354/; classtype:trojan-activity;sid:84296454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.211.107.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433355/; classtype:trojan-activity;sid:84296455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.181.66.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433356/; classtype:trojan-activity;sid:84296456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.31.8.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433357/; classtype:trojan-activity;sid:84296457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.189.171.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433349/; classtype:trojan-activity;sid:84296449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.4.101.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433345/; classtype:trojan-activity;sid:84296445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.168.9.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433346/; classtype:trojan-activity;sid:84296446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.81.45.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433347/; classtype:trojan-activity;sid:84296447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.8.186.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433348/; classtype:trojan-activity;sid:84296448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.182.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433344/; classtype:trojan-activity;sid:84296444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433343)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rechnung_2025_02_05.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"base-airdrop.co"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433343/; classtype:trojan-activity;sid:84296443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.117.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433342/; classtype:trojan-activity;sid:84296442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.52.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433341/; classtype:trojan-activity;sid:84296441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.241.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433340/; classtype:trojan-activity;sid:84296440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433339)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.217.111.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433339/; classtype:trojan-activity;sid:84296439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433338)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.189.108.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433338/; classtype:trojan-activity;sid:84296438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433336)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.12.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433336/; classtype:trojan-activity;sid:84296436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433337)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.255.191.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433337/; classtype:trojan-activity;sid:84296437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433335)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.113.225.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433335/; classtype:trojan-activity;sid:84296435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433332)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.44.65.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433332/; classtype:trojan-activity;sid:84296432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433333)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.237.133.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433333/; classtype:trojan-activity;sid:84296433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433334)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.237.133.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433334/; classtype:trojan-activity;sid:84296434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433330)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.19.228.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433330/; classtype:trojan-activity;sid:84296430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433331)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.205.236.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433331/; classtype:trojan-activity;sid:84296431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433329)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.209.162.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433329/; classtype:trojan-activity;sid:84296429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433328)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.37.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433328/; classtype:trojan-activity;sid:84296428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433324/; classtype:trojan-activity;sid:84296424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433325/; classtype:trojan-activity;sid:84296425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433326)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.116.68.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433326/; classtype:trojan-activity;sid:84296426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.0.100.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433327/; classtype:trojan-activity;sid:84296427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.164.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433323/; classtype:trojan-activity;sid:84296423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.4.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433322/; classtype:trojan-activity;sid:84296422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.157.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433321/; classtype:trojan-activity;sid:84296421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433318/; classtype:trojan-activity;sid:84296418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.147.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433319/; classtype:trojan-activity;sid:84296419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433320)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.115.107.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433320/; classtype:trojan-activity;sid:84296420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.46.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433317/; classtype:trojan-activity;sid:84296417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.178.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433316/; classtype:trojan-activity;sid:84296416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433315)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.189.1.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433315/; classtype:trojan-activity;sid:84296415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.26.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433314/; classtype:trojan-activity;sid:84296414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.146.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433313/; classtype:trojan-activity;sid:84296413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.160.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433309/; classtype:trojan-activity;sid:84296409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.157.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433310/; classtype:trojan-activity;sid:84296410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.109.237.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433311/; classtype:trojan-activity;sid:84296411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.10.88"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433312/; classtype:trojan-activity;sid:84296412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433308)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.189.1.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433308/; classtype:trojan-activity;sid:84296408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.67.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433307/; classtype:trojan-activity;sid:84296407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433306)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.131.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433306/; classtype:trojan-activity;sid:84296406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.16.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433305/; classtype:trojan-activity;sid:84296405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.249.28.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433304/; classtype:trojan-activity;sid:84296404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.49.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433303/; classtype:trojan-activity;sid:84296403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.242.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433302/; classtype:trojan-activity;sid:84296402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.46.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433301/; classtype:trojan-activity;sid:84296401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.134.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433300/; classtype:trojan-activity;sid:84296400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.178.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433299/; classtype:trojan-activity;sid:84296399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.157.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433298/; classtype:trojan-activity;sid:84296398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.87.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433297/; classtype:trojan-activity;sid:84296397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.67.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433296/; classtype:trojan-activity;sid:84296396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.13.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433295/; classtype:trojan-activity;sid:84296395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.232.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433294/; classtype:trojan-activity;sid:84296394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.23.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433293/; classtype:trojan-activity;sid:84296393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.124.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433292/; classtype:trojan-activity;sid:84296392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.242.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433291/; classtype:trojan-activity;sid:84296391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.249.28.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433290/; classtype:trojan-activity;sid:84296390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.151.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433289/; classtype:trojan-activity;sid:84296389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.13.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433288/; classtype:trojan-activity;sid:84296388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.79.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433287/; classtype:trojan-activity;sid:84296387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.29.28.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433286/; classtype:trojan-activity;sid:84296386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.232.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433285/; classtype:trojan-activity;sid:84296385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.84.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433284/; classtype:trojan-activity;sid:84296384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.214.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433283/; classtype:trojan-activity;sid:84296383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.240.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433282/; classtype:trojan-activity;sid:84296382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.4.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433281/; classtype:trojan-activity;sid:84296381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.232.73.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433280/; classtype:trojan-activity;sid:84296380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.94.210.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433279/; classtype:trojan-activity;sid:84296379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.170.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433278/; classtype:trojan-activity;sid:84296378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.62.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433277/; classtype:trojan-activity;sid:84296377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.29.28.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433276/; classtype:trojan-activity;sid:84296376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.151.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433275/; classtype:trojan-activity;sid:84296375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433274/; classtype:trojan-activity;sid:84296374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.232.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433273/; classtype:trojan-activity;sid:84296373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433272)"; flow:established,from_client; content:"GET"; http_method; content:"/wsf4e6.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433272/; classtype:trojan-activity;sid:84296372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433271)"; flow:established,from_client; content:"GET"; http_method; content:"/ijov03.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433271/; classtype:trojan-activity;sid:84296371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433270)"; flow:established,from_client; content:"GET"; http_method; content:"/f8rtcq.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433270/; classtype:trojan-activity;sid:84296370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.60.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433269/; classtype:trojan-activity;sid:84296369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.41.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433268/; classtype:trojan-activity;sid:84296368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.72.32.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433267/; classtype:trojan-activity;sid:84296367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.31.167"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433266/; classtype:trojan-activity;sid:84296366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.241.64.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433265/; classtype:trojan-activity;sid:84296365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.46.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433264/; classtype:trojan-activity;sid:84296364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.94.210.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433263/; classtype:trojan-activity;sid:84296363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433262/; classtype:trojan-activity;sid:84296362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433261/; classtype:trojan-activity;sid:84296361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.24.176.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433260/; classtype:trojan-activity;sid:84296360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.254.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433259/; classtype:trojan-activity;sid:84296359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.35.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433258/; classtype:trojan-activity;sid:84296358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.49.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433257/; classtype:trojan-activity;sid:84296357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.172.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433255/; classtype:trojan-activity;sid:84296355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.32.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433256/; classtype:trojan-activity;sid:84296356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433249)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"senbicaehgd.dns.army"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433249/; classtype:trojan-activity;sid:84296349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433250)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"yunger.ddns.cam"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433250/; classtype:trojan-activity;sid:84296350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433251)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cnc.stressamp.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433251/; classtype:trojan-activity;sid:84296351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433252)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"helpsharp.ydns.eu"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433252/; classtype:trojan-activity;sid:84296352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433253)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"indexdougents.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433253/; classtype:trojan-activity;sid:84296353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433254)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"senbicaehgd.dns.army"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433254/; classtype:trojan-activity;sid:84296354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433233)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"testla.ddns.cam"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433233/; classtype:trojan-activity;sid:84296333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433234)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"helpsharp.ydns.eu"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433234/; classtype:trojan-activity;sid:84296334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433235)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"otchibaa.nowddns.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433235/; classtype:trojan-activity;sid:84296335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433236)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"indexdougents.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433236/; classtype:trojan-activity;sid:84296336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433237)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"indexdougents.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433237/; classtype:trojan-activity;sid:84296337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433238)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"bctabsogebtmoutsgs.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433238/; classtype:trojan-activity;sid:84296338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433239)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"reducbabmaytgout.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433239/; classtype:trojan-activity;sid:84296339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433240)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"reducbabmaytgout.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433240/; classtype:trojan-activity;sid:84296340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433241)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"helpsharp.ydns.eu"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433241/; classtype:trojan-activity;sid:84296341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433242)"; flow:established,from_client; content:"GET"; http_method; content:"/bins//hgf.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"uthinker.ddns.cam"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433242/; classtype:trojan-activity;sid:84296342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433243)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433243/; classtype:trojan-activity;sid:84296343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433244)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"193.143.1.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433244/; classtype:trojan-activity;sid:84296344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433245)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.143.1.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433245/; classtype:trojan-activity;sid:84296345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433246)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"indexdougents.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433246/; classtype:trojan-activity;sid:84296346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433247)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"becaconmougot.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433247/; classtype:trojan-activity;sid:84296347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433248)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"otchibaa.nowddns.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433248/; classtype:trojan-activity;sid:84296348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433218)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"reducbabmaytgout.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433218/; classtype:trojan-activity;sid:84296318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433219)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"testeco.dns.army"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433219/; classtype:trojan-activity;sid:84296319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433220)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bctabsogebtmoutsgs.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433220/; classtype:trojan-activity;sid:84296320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433221)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"reducbabmaytgout.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433221/; classtype:trojan-activity;sid:84296321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433222)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"yunger.ddns.cam"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433222/; classtype:trojan-activity;sid:84296322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433223)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cnc.stressamp.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433223/; classtype:trojan-activity;sid:84296323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433224)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"senbicaehgd.dns.army"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433224/; classtype:trojan-activity;sid:84296324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433225)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"senbicaehgd.dns.army"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433225/; classtype:trojan-activity;sid:84296325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433226)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bctabsogebtmoutsgs.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433226/; classtype:trojan-activity;sid:84296326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433227)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"reducbabmaytgout.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433227/; classtype:trojan-activity;sid:84296327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433228)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"helpsharp.ydns.eu"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433228/; classtype:trojan-activity;sid:84296328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433229)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"testla.ddns.cam"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433229/; classtype:trojan-activity;sid:84296329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433230)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"senbicaehgd.dns.army"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433230/; classtype:trojan-activity;sid:84296330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433231)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"becaconmougot.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433231/; classtype:trojan-activity;sid:84296331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433232)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"senbicaehgd.dns.army"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433232/; classtype:trojan-activity;sid:84296332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433213)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cnc.stressamp.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433213/; classtype:trojan-activity;sid:84296313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433214)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"testla.ddns.cam"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433214/; classtype:trojan-activity;sid:84296314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433215)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bctabsogebtmoutsgs.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433215/; classtype:trojan-activity;sid:84296315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433216)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"indexdougents.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433216/; classtype:trojan-activity;sid:84296316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433217)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bctabsogebtmoutsgs.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433217/; classtype:trojan-activity;sid:84296317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433205)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"becaconmougot.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433205/; classtype:trojan-activity;sid:84296305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433206)"; flow:established,from_client; content:"GET"; http_method; content:"/bins//hgf.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"uthinker.ddns.cam"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433206/; classtype:trojan-activity;sid:84296306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433207)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"yunger.ddns.cam"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433207/; classtype:trojan-activity;sid:84296307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433208)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cnc.stressamp.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433208/; classtype:trojan-activity;sid:84296308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433209)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"otchibaa.nowddns.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433209/; classtype:trojan-activity;sid:84296309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433210)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bctabsogebtmoutsgs.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433210/; classtype:trojan-activity;sid:84296310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433211)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"testeco.dns.army"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433211/; classtype:trojan-activity;sid:84296311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433212)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"193.143.1.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433212/; classtype:trojan-activity;sid:84296312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433204)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"193.143.1.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433204/; classtype:trojan-activity;sid:84296304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433201)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"testeco.dns.army"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433201/; classtype:trojan-activity;sid:84296301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433202)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"yunger.ddns.cam"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433202/; classtype:trojan-activity;sid:84296302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433203)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"testeco.dns.army"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433203/; classtype:trojan-activity;sid:84296303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433190)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"reducbabmaytgout.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433190/; classtype:trojan-activity;sid:84296290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433191)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"testeco.dns.army"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433191/; classtype:trojan-activity;sid:84296291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433192)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"testeco.dns.army"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433192/; classtype:trojan-activity;sid:84296292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433193)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"otchibaa.nowddns.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433193/; classtype:trojan-activity;sid:84296293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433194)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"reducbabmaytgout.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433194/; classtype:trojan-activity;sid:84296294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433195)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bctabsogebtmoutsgs.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433195/; classtype:trojan-activity;sid:84296295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433196)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"testeco.dns.army"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433196/; classtype:trojan-activity;sid:84296296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433197)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"reducbabmaytgout.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433197/; classtype:trojan-activity;sid:84296297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433198)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"yunger.ddns.cam"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433198/; classtype:trojan-activity;sid:84296298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433199)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"yunger.ddns.cam"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433199/; classtype:trojan-activity;sid:84296299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433200)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"otchibaa.nowddns.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433200/; classtype:trojan-activity;sid:84296300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433177)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bctabsogebtmoutsgs.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433177/; classtype:trojan-activity;sid:84296277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433178)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"helpsharp.ydns.eu"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433178/; classtype:trojan-activity;sid:84296278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433179)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"testeco.dns.army"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433179/; classtype:trojan-activity;sid:84296279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433180)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433180/; classtype:trojan-activity;sid:84296280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433181)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"reducbabmaytgout.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433181/; classtype:trojan-activity;sid:84296281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433182)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"helpsharp.ydns.eu"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433182/; classtype:trojan-activity;sid:84296282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433183)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cnc.stressamp.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433183/; classtype:trojan-activity;sid:84296283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433184)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"reducbabmaytgout.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433184/; classtype:trojan-activity;sid:84296284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433185)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"otchibaa.nowddns.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433185/; classtype:trojan-activity;sid:84296285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433186)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"yunger.ddns.cam"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433186/; classtype:trojan-activity;sid:84296286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433187)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"testla.ddns.cam"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433187/; classtype:trojan-activity;sid:84296287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433188)"; flow:established,from_client; content:"GET"; http_method; content:"/bins//hgf.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"uthinker.ddns.cam"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433188/; classtype:trojan-activity;sid:84296288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433189)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"reducbabmaytgout.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433189/; classtype:trojan-activity;sid:84296289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433172)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"becaconmougot.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433172/; classtype:trojan-activity;sid:84296272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433173)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"becaconmougot.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433173/; classtype:trojan-activity;sid:84296273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433174)"; flow:established,from_client; content:"GET"; http_method; content:"/bins//hgf.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"uthinker.ddns.cam"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433174/; classtype:trojan-activity;sid:84296274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433175)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"testla.ddns.cam"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433175/; classtype:trojan-activity;sid:84296275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433176)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"yunger.ddns.cam"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433176/; classtype:trojan-activity;sid:84296276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433168)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"senbicaehgd.dns.army"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433168/; classtype:trojan-activity;sid:84296268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433169)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433169/; classtype:trojan-activity;sid:84296269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433170)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"becaconmougot.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433170/; classtype:trojan-activity;sid:84296270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433171)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"193.143.1.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433171/; classtype:trojan-activity;sid:84296271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433167)"; flow:established,from_client; content:"GET"; http_method; content:"/bins//hgf.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"uthinker.ddns.cam"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433167/; classtype:trojan-activity;sid:84296267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433165)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433165/; classtype:trojan-activity;sid:84296265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433166)"; flow:established,from_client; content:"GET"; http_method; content:"/bins//hgf.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"uthinker.ddns.cam"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433166/; classtype:trojan-activity;sid:84296266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433155)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"testla.ddns.cam"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433155/; classtype:trojan-activity;sid:84296255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433156)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"becaconmougot.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433156/; classtype:trojan-activity;sid:84296256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433157)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"cnc.stressamp.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433157/; classtype:trojan-activity;sid:84296257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433158)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"otchibaa.nowddns.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433158/; classtype:trojan-activity;sid:84296258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433159)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"otchibaa.nowddns.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433159/; classtype:trojan-activity;sid:84296259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433160)"; flow:established,from_client; content:"GET"; http_method; content:"/bins//hgf.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"uthinker.ddns.cam"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433160/; classtype:trojan-activity;sid:84296260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433161)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"senbicaehgd.dns.army"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433161/; classtype:trojan-activity;sid:84296261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433162)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"otchibaa.nowddns.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433162/; classtype:trojan-activity;sid:84296262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433163)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"indexdougents.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433163/; classtype:trojan-activity;sid:84296263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433164)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bctabsogebtmoutsgs.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433164/; classtype:trojan-activity;sid:84296264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433142)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"testeco.dns.army"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433142/; classtype:trojan-activity;sid:84296242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433143)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"becaconmougot.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433143/; classtype:trojan-activity;sid:84296243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433144)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"becaconmougot.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433144/; classtype:trojan-activity;sid:84296244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433145)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"becaconmougot.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433145/; classtype:trojan-activity;sid:84296245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433146)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bctabsogebtmoutsgs.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433146/; classtype:trojan-activity;sid:84296246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433147)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"193.143.1.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433147/; classtype:trojan-activity;sid:84296247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433148)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"indexdougents.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433148/; classtype:trojan-activity;sid:84296248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433149)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"otchibaa.nowddns.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433149/; classtype:trojan-activity;sid:84296249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433150)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"otchibaa.nowddns.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433150/; classtype:trojan-activity;sid:84296250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433151)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"otchibaa.nowddns.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433151/; classtype:trojan-activity;sid:84296251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433152)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"indexdougents.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433152/; classtype:trojan-activity;sid:84296252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433153)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"becaconmougot.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433153/; classtype:trojan-activity;sid:84296253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433154)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"indexdougents.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433154/; classtype:trojan-activity;sid:84296254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433127)"; flow:established,from_client; content:"GET"; http_method; content:"/bins//hgf.arc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"uthinker.ddns.cam"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433127/; classtype:trojan-activity;sid:84296227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433128)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"yunger.ddns.cam"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433128/; classtype:trojan-activity;sid:84296228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433129)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"yunger.ddns.cam"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433129/; classtype:trojan-activity;sid:84296229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433130)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bctabsogebtmoutsgs.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433130/; classtype:trojan-activity;sid:84296230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433131)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"testla.ddns.cam"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433131/; classtype:trojan-activity;sid:84296231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433132)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"indexdougents.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433132/; classtype:trojan-activity;sid:84296232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433133)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"reducbabmaytgout.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433133/; classtype:trojan-activity;sid:84296233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433134)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"becaconmougot.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433134/; classtype:trojan-activity;sid:84296234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433135)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"indexdougents.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433135/; classtype:trojan-activity;sid:84296235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433136)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"indexdougents.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433136/; classtype:trojan-activity;sid:84296236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433137)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"helpsharp.ydns.eu"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433137/; classtype:trojan-activity;sid:84296237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433138)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"testla.ddns.cam"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433138/; classtype:trojan-activity;sid:84296238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433139)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"testla.ddns.cam"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433139/; classtype:trojan-activity;sid:84296239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433140)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"testla.ddns.cam"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433140/; classtype:trojan-activity;sid:84296240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433141)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bctabsogebtmoutsgs.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433141/; classtype:trojan-activity;sid:84296241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433126)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"yunger.ddns.cam"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433126/; classtype:trojan-activity;sid:84296226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433125)"; flow:established,from_client; content:"GET"; http_method; content:"/bins//hgf.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"uthinker.ddns.cam"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433125/; classtype:trojan-activity;sid:84296225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433119)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"senbicaehgd.dns.army"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433119/; classtype:trojan-activity;sid:84296219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433120)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"testla.ddns.cam"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433120/; classtype:trojan-activity;sid:84296220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433121)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"testla.ddns.cam"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433121/; classtype:trojan-activity;sid:84296221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433122)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"yunger.ddns.cam"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433122/; classtype:trojan-activity;sid:84296222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433123)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433123/; classtype:trojan-activity;sid:84296223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433124)"; flow:established,from_client; content:"GET"; http_method; content:"/bins//hgf.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"uthinker.ddns.cam"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433124/; classtype:trojan-activity;sid:84296224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433117)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"testeco.dns.army"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433117/; classtype:trojan-activity;sid:84296217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433118)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cnc.stressamp.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433118/; classtype:trojan-activity;sid:84296218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433109)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cnc.stressamp.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433109/; classtype:trojan-activity;sid:84296209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433110)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"senbicaehgd.dns.army"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433110/; classtype:trojan-activity;sid:84296210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433111)"; flow:established,from_client; content:"GET"; http_method; content:"/bins//hgf.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"uthinker.ddns.cam"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433111/; classtype:trojan-activity;sid:84296211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433112)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"helpsharp.ydns.eu"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433112/; classtype:trojan-activity;sid:84296212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433113)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"testeco.dns.army"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433113/; classtype:trojan-activity;sid:84296213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433114)"; flow:established,from_client; content:"GET"; http_method; content:"/bins//hgf.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"uthinker.ddns.cam"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433114/; classtype:trojan-activity;sid:84296214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433115)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"senbicaehgd.dns.army"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433115/; classtype:trojan-activity;sid:84296215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433116)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cnc.stressamp.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433116/; classtype:trojan-activity;sid:84296216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433107)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"helpsharp.ydns.eu"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433107/; classtype:trojan-activity;sid:84296207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433108)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"testeco.dns.army"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433108/; classtype:trojan-activity;sid:84296208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433100)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"helpsharp.ydns.eu"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433100/; classtype:trojan-activity;sid:84296200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433101)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"senbicaehgd.dns.army"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433101/; classtype:trojan-activity;sid:84296201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433102)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cnc.stressamp.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433102/; classtype:trojan-activity;sid:84296202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433103)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"helpsharp.ydns.eu"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433103/; classtype:trojan-activity;sid:84296203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433104)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cnc.stressamp.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433104/; classtype:trojan-activity;sid:84296204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433105)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cnc.stressamp.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433105/; classtype:trojan-activity;sid:84296205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433106)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"helpsharp.ydns.eu"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433106/; classtype:trojan-activity;sid:84296206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433099)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"193.143.1.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433099/; classtype:trojan-activity;sid:84296199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433097)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"193.143.1.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433097/; classtype:trojan-activity;sid:84296197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433098)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hgf.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433098/; classtype:trojan-activity;sid:84296198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.2.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433095/; classtype:trojan-activity;sid:84296195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.233.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433096/; classtype:trojan-activity;sid:84296196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.24.176.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433094/; classtype:trojan-activity;sid:84296194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.46.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433093/; classtype:trojan-activity;sid:84296193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.30.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433092/; classtype:trojan-activity;sid:84296192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433091/; classtype:trojan-activity;sid:84296191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433090)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.60.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433090/; classtype:trojan-activity;sid:84296190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433089/; classtype:trojan-activity;sid:84296189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433088/; classtype:trojan-activity;sid:84296188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.118.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433087/; classtype:trojan-activity;sid:84296187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.53.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433086/; classtype:trojan-activity;sid:84296186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.42.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433085/; classtype:trojan-activity;sid:84296185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433084/; classtype:trojan-activity;sid:84296184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.238.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433082/; classtype:trojan-activity;sid:84296182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.35.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433083/; classtype:trojan-activity;sid:84296183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.241.64.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433081/; classtype:trojan-activity;sid:84296181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.26.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433080/; classtype:trojan-activity;sid:84296180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433079/; classtype:trojan-activity;sid:84296179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.118.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433078/; classtype:trojan-activity;sid:84296178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.75.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433077/; classtype:trojan-activity;sid:84296177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.42.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433076/; classtype:trojan-activity;sid:84296176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.194.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433075/; classtype:trojan-activity;sid:84296175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433074/; classtype:trojan-activity;sid:84296174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.53.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433073/; classtype:trojan-activity;sid:84296173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433070)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.assumedtribsosp.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433070/; classtype:trojan-activity;sid:84296170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433071)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.assumedtribsosp.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433071/; classtype:trojan-activity;sid:84296171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.107.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433072/; classtype:trojan-activity;sid:84296172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433063)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.budgetttysnzm.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433063/; classtype:trojan-activity;sid:84296163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433064)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.budgetttysnzm.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433064/; classtype:trojan-activity;sid:84296164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433065)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.budgetttysnzm.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433065/; classtype:trojan-activity;sid:84296165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433066)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.assumedtribsosp.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433066/; classtype:trojan-activity;sid:84296166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433067)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.budgetttysnzm.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433067/; classtype:trojan-activity;sid:84296167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433068)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.assumedtribsosp.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433068/; classtype:trojan-activity;sid:84296168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433069)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.assumedtribsosp.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433069/; classtype:trojan-activity;sid:84296169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.6.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433062/; classtype:trojan-activity;sid:84296162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433055)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.budgetttysnzm.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433055/; classtype:trojan-activity;sid:84296155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433056)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.budgetttysnzm.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433056/; classtype:trojan-activity;sid:84296156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433057)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.assumedtribsosp.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433057/; classtype:trojan-activity;sid:84296157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433058)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.assumedtribsosp.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433058/; classtype:trojan-activity;sid:84296158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433059)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.budgetttysnzm.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433059/; classtype:trojan-activity;sid:84296159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433060)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.assumedtribsosp.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433060/; classtype:trojan-activity;sid:84296160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433061)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.budgetttysnzm.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433061/; classtype:trojan-activity;sid:84296161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433054)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.budgetttysnzm.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433054/; classtype:trojan-activity;sid:84296154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433047)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.budgetttysnzm.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433047/; classtype:trojan-activity;sid:84296147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433048)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.budgetttysnzm.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433048/; classtype:trojan-activity;sid:84296148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433049)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.assumedtribsosp.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433049/; classtype:trojan-activity;sid:84296149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433050)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.budgetttysnzm.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433050/; classtype:trojan-activity;sid:84296150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433051)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.assumedtribsosp.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433051/; classtype:trojan-activity;sid:84296151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433052)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.assumedtribsosp.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433052/; classtype:trojan-activity;sid:84296152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433053)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.assumedtribsosp.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433053/; classtype:trojan-activity;sid:84296153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433046)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/qde76i5ppqjdom9goxy9b/zzjg_2.zip|3f|rlkey=g3mwyqarn84w0g7lnjq6awvgo|7c|26|7c|st=b9z4ng6j|7c|26|7c|dl=1"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433046/; classtype:trojan-activity;sid:84296146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.35.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433045/; classtype:trojan-activity;sid:84296145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.238.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433044/; classtype:trojan-activity;sid:84296144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.58.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433043/; classtype:trojan-activity;sid:84296143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.138.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433040/; classtype:trojan-activity;sid:84296140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.145.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433041/; classtype:trojan-activity;sid:84296141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.195.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433042/; classtype:trojan-activity;sid:84296142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.74.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433038/; classtype:trojan-activity;sid:84296138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.227.7.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433039/; classtype:trojan-activity;sid:84296139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433037/; classtype:trojan-activity;sid:84296137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.26.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433035/; classtype:trojan-activity;sid:84296135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.224.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433036/; classtype:trojan-activity;sid:84296136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.5.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433034/; classtype:trojan-activity;sid:84296134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.194.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433033/; classtype:trojan-activity;sid:84296133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.92.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433032/; classtype:trojan-activity;sid:84296132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.176.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433031/; classtype:trojan-activity;sid:84296131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433030)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.26.152.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433030/; classtype:trojan-activity;sid:84296130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.5.7"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433029/; classtype:trojan-activity;sid:84296129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.224.255.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433028/; classtype:trojan-activity;sid:84296128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.61.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433027/; classtype:trojan-activity;sid:84296127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.102.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433026/; classtype:trojan-activity;sid:84296126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.56.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433025/; classtype:trojan-activity;sid:84296125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.87.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433024/; classtype:trojan-activity;sid:84296124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.31.247.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433023/; classtype:trojan-activity;sid:84296123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.151.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433022/; classtype:trojan-activity;sid:84296122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.113.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433021/; classtype:trojan-activity;sid:84296121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.75.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433020/; classtype:trojan-activity;sid:84296120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433016)"; flow:established,from_client; content:"GET"; http_method; content:"/pol81n5auaxyqkwf.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"userverifybot.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433016/; classtype:trojan-activity;sid:84296116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433017)"; flow:established,from_client; content:"GET"; http_method; content:"/oqpxgecfsjrjkb2y.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"userverifybot.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433017/; classtype:trojan-activity;sid:84296117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433018)"; flow:established,from_client; content:"GET"; http_method; content:"/jksnzfc71gekedmh.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"userverifybot.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433018/; classtype:trojan-activity;sid:84296118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433019)"; flow:established,from_client; content:"GET"; http_method; content:"/tjyda5rzc91qabs9.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"userverifybot.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433019/; classtype:trojan-activity;sid:84296119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.11.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433015/; classtype:trojan-activity;sid:84296115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433014)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.6.152"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433014/; classtype:trojan-activity;sid:84296114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433013)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433013/; classtype:trojan-activity;sid:84296113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.202.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433012/; classtype:trojan-activity;sid:84296112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.157.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433011/; classtype:trojan-activity;sid:84296111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.130.189.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433010/; classtype:trojan-activity;sid:84296110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.61.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433009/; classtype:trojan-activity;sid:84296109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.196.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433008/; classtype:trojan-activity;sid:84296108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433007)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.12.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433007/; classtype:trojan-activity;sid:84296107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.182.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433005/; classtype:trojan-activity;sid:84296105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.9.237"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433006/; classtype:trojan-activity;sid:84296106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432994)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"srogland.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432994/; classtype:trojan-activity;sid:84296094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432995)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"srogland.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432995/; classtype:trojan-activity;sid:84296095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432996)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"srogland.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432996/; classtype:trojan-activity;sid:84296096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432997)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srogland.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432997/; classtype:trojan-activity;sid:84296097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432998)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"srogland.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432998/; classtype:trojan-activity;sid:84296098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432999)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srogland.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432999/; classtype:trojan-activity;sid:84296099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433000)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.22.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433000/; classtype:trojan-activity;sid:84296100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433001)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srogland.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433001/; classtype:trojan-activity;sid:84296101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433002)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srogland.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433002/; classtype:trojan-activity;sid:84296102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433003)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"srogland.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433003/; classtype:trojan-activity;sid:84296103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433004)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"srogland.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433004/; classtype:trojan-activity;sid:84296104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432988)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.22.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432988/; classtype:trojan-activity;sid:84296088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432989)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srogland.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432989/; classtype:trojan-activity;sid:84296089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432990)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"160.22.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432990/; classtype:trojan-activity;sid:84296090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432991)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srogland.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432991/; classtype:trojan-activity;sid:84296091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432992)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"srogland.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432992/; classtype:trojan-activity;sid:84296092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432993)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srogland.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432993/; classtype:trojan-activity;sid:84296093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.72.249.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432987/; classtype:trojan-activity;sid:84296087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.202.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432986/; classtype:trojan-activity;sid:84296086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.5.7"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432984/; classtype:trojan-activity;sid:84296084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.11.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432985/; classtype:trojan-activity;sid:84296085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.60.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432983/; classtype:trojan-activity;sid:84296083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.72.249.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432982/; classtype:trojan-activity;sid:84296082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432981/; classtype:trojan-activity;sid:84296081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.98.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432980/; classtype:trojan-activity;sid:84296080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.157.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432979/; classtype:trojan-activity;sid:84296079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432971)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/evavqo1bm9j2virpgiep10oyf4kaakg5ht"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432971/; classtype:trojan-activity;sid:84296071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432972)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/4eynev18jpccm0wn9cjzuywstrriopj7cw"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432972/; classtype:trojan-activity;sid:84296072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432973)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/crqqlasemzzs46tt2bvhwqkcnwwjht3nni"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432973/; classtype:trojan-activity;sid:84296073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432974)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/2hpckcr2ph57dc1asvopsxwu722ts7q00t"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432974/; classtype:trojan-activity;sid:84296074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432975)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/d3fcrwhngmx2zamhhvviioftmkp8ykashd"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432975/; classtype:trojan-activity;sid:84296075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432976)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gcoyatypgpjzpxrnwmhywarel8ayrbsikz"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432976/; classtype:trojan-activity;sid:84296076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432977)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/fmkfoplrvbf6oxnf6xvobm9eamxzrhxxs0"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432977/; classtype:trojan-activity;sid:84296077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432978)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xtm8vk118socfn2pap8iuelybykgbqh3ab"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432978/; classtype:trojan-activity;sid:84296078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432941)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/fmkfoplrvbf6oxnf6xvobm9eamxzrhxxs0"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432941/; classtype:trojan-activity;sid:84296041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432942)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nte6nuvll1nnxoipmae4vxtubunpywvafo"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432942/; classtype:trojan-activity;sid:84296042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432943)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/d3fcrwhngmx2zamhhvviioftmkp8ykashd"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432943/; classtype:trojan-activity;sid:84296043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432944)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/crqqlasemzzs46tt2bvhwqkcnwwjht3nni"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432944/; classtype:trojan-activity;sid:84296044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432945)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/evavqo1bm9j2virpgiep10oyf4kaakg5ht"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432945/; classtype:trojan-activity;sid:84296045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432946)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bqpn6b0rawpkol3z9wpvtasyk774ycypff"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432946/; classtype:trojan-activity;sid:84296046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432947)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kjgd5evqtwy0avi07s2xbmfhfwl6jmgzbr"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432947/; classtype:trojan-activity;sid:84296047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432948)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/u4avwvvkxkygfx8y2hqas1qkdt5jt1ocey"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432948/; classtype:trojan-activity;sid:84296048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432949)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xtm8vk118socfn2pap8iuelybykgbqh3ab"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432949/; classtype:trojan-activity;sid:84296049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432950)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gcoyatypgpjzpxrnwmhywarel8ayrbsikz"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432950/; classtype:trojan-activity;sid:84296050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432951)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kjgd5evqtwy0avi07s2xbmfhfwl6jmgzbr"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432951/; classtype:trojan-activity;sid:84296051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432952)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/4eynev18jpccm0wn9cjzuywstrriopj7cw"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432952/; classtype:trojan-activity;sid:84296052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432953)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/u4avwvvkxkygfx8y2hqas1qkdt5jt1ocey"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432953/; classtype:trojan-activity;sid:84296053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432954)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/5lzuolr6lypibmjqmrmdczndhymqtftcx1"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432954/; classtype:trojan-activity;sid:84296054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432955)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/fmkfoplrvbf6oxnf6xvobm9eamxzrhxxs0"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432955/; classtype:trojan-activity;sid:84296055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432956)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gcoyatypgpjzpxrnwmhywarel8ayrbsikz"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432956/; classtype:trojan-activity;sid:84296056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432957)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cftkcooqzziruf7jyceqqmhbmrgcjp2qkj"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432957/; classtype:trojan-activity;sid:84296057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432958)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/2hpckcr2ph57dc1asvopsxwu722ts7q00t"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432958/; classtype:trojan-activity;sid:84296058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432959)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/5lzuolr6lypibmjqmrmdczndhymqtftcx1"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432959/; classtype:trojan-activity;sid:84296059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432960)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bqpn6b0rawpkol3z9wpvtasyk774ycypff"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432960/; classtype:trojan-activity;sid:84296060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432961)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/u4avwvvkxkygfx8y2hqas1qkdt5jt1ocey"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432961/; classtype:trojan-activity;sid:84296061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432962)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cftkcooqzziruf7jyceqqmhbmrgcjp2qkj"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432962/; classtype:trojan-activity;sid:84296062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432963)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/5lzuolr6lypibmjqmrmdczndhymqtftcx1"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432963/; classtype:trojan-activity;sid:84296063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432964)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kjgd5evqtwy0avi07s2xbmfhfwl6jmgzbr"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432964/; classtype:trojan-activity;sid:84296064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432965)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xtm8vk118socfn2pap8iuelybykgbqh3ab"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432965/; classtype:trojan-activity;sid:84296065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432966)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nte6nuvll1nnxoipmae4vxtubunpywvafo"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432966/; classtype:trojan-activity;sid:84296066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432967)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bqpn6b0rawpkol3z9wpvtasyk774ycypff"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432967/; classtype:trojan-activity;sid:84296067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432968)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/4eynev18jpccm0wn9cjzuywstrriopj7cw"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432968/; classtype:trojan-activity;sid:84296068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432969)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/2hpckcr2ph57dc1asvopsxwu722ts7q00t"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432969/; classtype:trojan-activity;sid:84296069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432970)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cftkcooqzziruf7jyceqqmhbmrgcjp2qkj"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432970/; classtype:trojan-activity;sid:84296070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432937)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/crqqlasemzzs46tt2bvhwqkcnwwjht3nni"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432937/; classtype:trojan-activity;sid:84296037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432938)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/d3fcrwhngmx2zamhhvviioftmkp8ykashd"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432938/; classtype:trojan-activity;sid:84296038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432939)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nte6nuvll1nnxoipmae4vxtubunpywvafo"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432939/; classtype:trojan-activity;sid:84296039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432940)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/evavqo1bm9j2virpgiep10oyf4kaakg5ht"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432940/; classtype:trojan-activity;sid:84296040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.83.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432936/; classtype:trojan-activity;sid:84296036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.130.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432935/; classtype:trojan-activity;sid:84296035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432934/; classtype:trojan-activity;sid:84296034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.253.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432933/; classtype:trojan-activity;sid:84296033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.104.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432932/; classtype:trojan-activity;sid:84296032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.196.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432931/; classtype:trojan-activity;sid:84296031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.89.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432930/; classtype:trojan-activity;sid:84296030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.83.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432929/; classtype:trojan-activity;sid:84296029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432928)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432928/; classtype:trojan-activity;sid:84296028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.156.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432926/; classtype:trojan-activity;sid:84296026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.221.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432927/; classtype:trojan-activity;sid:84296027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.47.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432925/; classtype:trojan-activity;sid:84296025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.60.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432924/; classtype:trojan-activity;sid:84296024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.81.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432923/; classtype:trojan-activity;sid:84296023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432922/; classtype:trojan-activity;sid:84296022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.200.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432920/; classtype:trojan-activity;sid:84296020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.148.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432921/; classtype:trojan-activity;sid:84296021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.251.176.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432919/; classtype:trojan-activity;sid:84296019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432918/; classtype:trojan-activity;sid:84296018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.61.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432917/; classtype:trojan-activity;sid:84296017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432916/; classtype:trojan-activity;sid:84296016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.93.47.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432915/; classtype:trojan-activity;sid:84296015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432914)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.28.127"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432914/; classtype:trojan-activity;sid:84296014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.253.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432913/; classtype:trojan-activity;sid:84296013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432911/; classtype:trojan-activity;sid:84296011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.96.197"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432912/; classtype:trojan-activity;sid:84296012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.130.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432910/; classtype:trojan-activity;sid:84296010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.102.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432909/; classtype:trojan-activity;sid:84296009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.67.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432908/; classtype:trojan-activity;sid:84296008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.155.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432907/; classtype:trojan-activity;sid:84296007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.89.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432906/; classtype:trojan-activity;sid:84296006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.42.186.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432904/; classtype:trojan-activity;sid:84296004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.148.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432905/; classtype:trojan-activity;sid:84296005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.159.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432903/; classtype:trojan-activity;sid:84296003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.221.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432902/; classtype:trojan-activity;sid:84296002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.96.197"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432901/; classtype:trojan-activity;sid:84296001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.182.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432900/; classtype:trojan-activity;sid:84296000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432899/; classtype:trojan-activity;sid:84295999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.124.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432898/; classtype:trojan-activity;sid:84295998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432897/; classtype:trojan-activity;sid:84295997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.102.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432896/; classtype:trojan-activity;sid:84295996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.51.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432895/; classtype:trojan-activity;sid:84295995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.144.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432894/; classtype:trojan-activity;sid:84295994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.69.99.65"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432892/; classtype:trojan-activity;sid:84295992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.42.186.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432893/; classtype:trojan-activity;sid:84295993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.99.65"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432891/; classtype:trojan-activity;sid:84295991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.31.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432890/; classtype:trojan-activity;sid:84295990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.160.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432889/; classtype:trojan-activity;sid:84295989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432888/; classtype:trojan-activity;sid:84295988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.82.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432886/; classtype:trojan-activity;sid:84295986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.184.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432887/; classtype:trojan-activity;sid:84295987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432885)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.105.79.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432885/; classtype:trojan-activity;sid:84295985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.26.233.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432884/; classtype:trojan-activity;sid:84295984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.210.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432883/; classtype:trojan-activity;sid:84295983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.129.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432882/; classtype:trojan-activity;sid:84295982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.41.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432881/; classtype:trojan-activity;sid:84295981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.26.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432880/; classtype:trojan-activity;sid:84295980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.143.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432879/; classtype:trojan-activity;sid:84295979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.31.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432878/; classtype:trojan-activity;sid:84295978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.184.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432877/; classtype:trojan-activity;sid:84295977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.14.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432876/; classtype:trojan-activity;sid:84295976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.216.92.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432875/; classtype:trojan-activity;sid:84295975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.43.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432874/; classtype:trojan-activity;sid:84295974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432873/; classtype:trojan-activity;sid:84295973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.91.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432872/; classtype:trojan-activity;sid:84295972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.26.233.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432871/; classtype:trojan-activity;sid:84295971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.82.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432870/; classtype:trojan-activity;sid:84295970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.143.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432869/; classtype:trojan-activity;sid:84295969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.118.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432867/; classtype:trojan-activity;sid:84295967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.192.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432868/; classtype:trojan-activity;sid:84295968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.14.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432866/; classtype:trojan-activity;sid:84295966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432865/; classtype:trojan-activity;sid:84295965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.142.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432861/; classtype:trojan-activity;sid:84295961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.208.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432862/; classtype:trojan-activity;sid:84295962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.0.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432863/; classtype:trojan-activity;sid:84295963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432864/; classtype:trojan-activity;sid:84295964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.234.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432860/; classtype:trojan-activity;sid:84295960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.80.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432858/; classtype:trojan-activity;sid:84295958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.165.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432859/; classtype:trojan-activity;sid:84295959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.0.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432857/; classtype:trojan-activity;sid:84295957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.31.228.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432856/; classtype:trojan-activity;sid:84295956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.192.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432854/; classtype:trojan-activity;sid:84295954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.15.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432855/; classtype:trojan-activity;sid:84295955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.112.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432853/; classtype:trojan-activity;sid:84295953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432852)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.230.240.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432852/; classtype:trojan-activity;sid:84295952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.160.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432851/; classtype:trojan-activity;sid:84295951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.65.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432850/; classtype:trojan-activity;sid:84295950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.93.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432849/; classtype:trojan-activity;sid:84295949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.37.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432848/; classtype:trojan-activity;sid:84295948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.118.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432847/; classtype:trojan-activity;sid:84295947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.0.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432846/; classtype:trojan-activity;sid:84295946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.19.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432845/; classtype:trojan-activity;sid:84295945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.112.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432844/; classtype:trojan-activity;sid:84295944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.202.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432843/; classtype:trojan-activity;sid:84295943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.96.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432842/; classtype:trojan-activity;sid:84295942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.101.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432841/; classtype:trojan-activity;sid:84295941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432840)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.19.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432840/; classtype:trojan-activity;sid:84295940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.37.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432839/; classtype:trojan-activity;sid:84295939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.163.229.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432838/; classtype:trojan-activity;sid:84295938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.31.228.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432836/; classtype:trojan-activity;sid:84295936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.24.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432837/; classtype:trojan-activity;sid:84295937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.65.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432835/; classtype:trojan-activity;sid:84295935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.16.170"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432834/; classtype:trojan-activity;sid:84295934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432833/; classtype:trojan-activity;sid:84295933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.68.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432832/; classtype:trojan-activity;sid:84295932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.74.97.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432831/; classtype:trojan-activity;sid:84295931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.19.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432830/; classtype:trojan-activity;sid:84295930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.15.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432829/; classtype:trojan-activity;sid:84295929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.126.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432828/; classtype:trojan-activity;sid:84295928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432827)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.229.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432827/; classtype:trojan-activity;sid:84295927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.70.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432826/; classtype:trojan-activity;sid:84295926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.188.91.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432823/; classtype:trojan-activity;sid:84295923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.188.178.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432824/; classtype:trojan-activity;sid:84295924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.171.34.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432825/; classtype:trojan-activity;sid:84295925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.126.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432821/; classtype:trojan-activity;sid:84295921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.175.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432822/; classtype:trojan-activity;sid:84295922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432820/; classtype:trojan-activity;sid:84295920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.14.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432819/; classtype:trojan-activity;sid:84295919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.16.170"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432818/; classtype:trojan-activity;sid:84295918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.122.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432817/; classtype:trojan-activity;sid:84295917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.121.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432816/; classtype:trojan-activity;sid:84295916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.92.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432815/; classtype:trojan-activity;sid:84295915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.14.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432814/; classtype:trojan-activity;sid:84295914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.153.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432813/; classtype:trojan-activity;sid:84295913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.83.126.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432812/; classtype:trojan-activity;sid:84295912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.102.124.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432811/; classtype:trojan-activity;sid:84295911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.191.83.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432810/; classtype:trojan-activity;sid:84295910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.229.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432808/; classtype:trojan-activity;sid:84295908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.93.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432809/; classtype:trojan-activity;sid:84295909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.103.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432807/; classtype:trojan-activity;sid:84295907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.167.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432806/; classtype:trojan-activity;sid:84295906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.96.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432805/; classtype:trojan-activity;sid:84295905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.122.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432804/; classtype:trojan-activity;sid:84295904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.158.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432803/; classtype:trojan-activity;sid:84295903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.97.139"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432802/; classtype:trojan-activity;sid:84295902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.104.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432801/; classtype:trojan-activity;sid:84295901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.171.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432800/; classtype:trojan-activity;sid:84295900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.159.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432799/; classtype:trojan-activity;sid:84295899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.62.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432798/; classtype:trojan-activity;sid:84295898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.51.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432797/; classtype:trojan-activity;sid:84295897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.14.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432796/; classtype:trojan-activity;sid:84295896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.16.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432795/; classtype:trojan-activity;sid:84295895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.21.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432794/; classtype:trojan-activity;sid:84295894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.153.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432793/; classtype:trojan-activity;sid:84295893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.16.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432792/; classtype:trojan-activity;sid:84295892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.15.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432791/; classtype:trojan-activity;sid:84295891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.93.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432790/; classtype:trojan-activity;sid:84295890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.87.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432789/; classtype:trojan-activity;sid:84295889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.104.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432788/; classtype:trojan-activity;sid:84295888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.253.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432787/; classtype:trojan-activity;sid:84295887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.139.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432786/; classtype:trojan-activity;sid:84295886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.21.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432785/; classtype:trojan-activity;sid:84295885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.212.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432784/; classtype:trojan-activity;sid:84295884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432783)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.177.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432783/; classtype:trojan-activity;sid:84295883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.237.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432782/; classtype:trojan-activity;sid:84295882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.171.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432781/; classtype:trojan-activity;sid:84295881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.68.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432780/; classtype:trojan-activity;sid:84295880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.159.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432779/; classtype:trojan-activity;sid:84295879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.235.218.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432778/; classtype:trojan-activity;sid:84295878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.72.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432777/; classtype:trojan-activity;sid:84295877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.198.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432776/; classtype:trojan-activity;sid:84295876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.85.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432775/; classtype:trojan-activity;sid:84295875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.41.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432774/; classtype:trojan-activity;sid:84295874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.117.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432773/; classtype:trojan-activity;sid:84295873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.108.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432772/; classtype:trojan-activity;sid:84295872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.243.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432771/; classtype:trojan-activity;sid:84295871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.75.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432770/; classtype:trojan-activity;sid:84295870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.36.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432769/; classtype:trojan-activity;sid:84295869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.35.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432768/; classtype:trojan-activity;sid:84295868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.255.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432767/; classtype:trojan-activity;sid:84295867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.84.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432766/; classtype:trojan-activity;sid:84295866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.72.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432765/; classtype:trojan-activity;sid:84295865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.176.223.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432764/; classtype:trojan-activity;sid:84295864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432763/; classtype:trojan-activity;sid:84295863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.212.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432762/; classtype:trojan-activity;sid:84295862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.198.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432761/; classtype:trojan-activity;sid:84295861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.207.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432760/; classtype:trojan-activity;sid:84295860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.15.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432759/; classtype:trojan-activity;sid:84295859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.63.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432758/; classtype:trojan-activity;sid:84295858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.176.223.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432757/; classtype:trojan-activity;sid:84295857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.46.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432756/; classtype:trojan-activity;sid:84295856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.231.30.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432755/; classtype:trojan-activity;sid:84295855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.51.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432754/; classtype:trojan-activity;sid:84295854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.148.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432752/; classtype:trojan-activity;sid:84295852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.158.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432753/; classtype:trojan-activity;sid:84295853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.184.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432751/; classtype:trojan-activity;sid:84295851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.212.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432750/; classtype:trojan-activity;sid:84295850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.93.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432749/; classtype:trojan-activity;sid:84295849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.108.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432748/; classtype:trojan-activity;sid:84295848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.2.121"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432747/; classtype:trojan-activity;sid:84295847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.84.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432746/; classtype:trojan-activity;sid:84295846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.18.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432745/; classtype:trojan-activity;sid:84295845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.207.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432744/; classtype:trojan-activity;sid:84295844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.255.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432743/; classtype:trojan-activity;sid:84295843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.16.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432742/; classtype:trojan-activity;sid:84295842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.152.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432741/; classtype:trojan-activity;sid:84295841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432740/; classtype:trojan-activity;sid:84295840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.100.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432739/; classtype:trojan-activity;sid:84295839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.48.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432738/; classtype:trojan-activity;sid:84295838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.171.34.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432737/; classtype:trojan-activity;sid:84295837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.65.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432735/; classtype:trojan-activity;sid:84295835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.227.201.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432736/; classtype:trojan-activity;sid:84295836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.12.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432734/; classtype:trojan-activity;sid:84295834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.202.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432733/; classtype:trojan-activity;sid:84295833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.251.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432732/; classtype:trojan-activity;sid:84295832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.60.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432731/; classtype:trojan-activity;sid:84295831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.61.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432730/; classtype:trojan-activity;sid:84295830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.7.130"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432729/; classtype:trojan-activity;sid:84295829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.226.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432727/; classtype:trojan-activity;sid:84295827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.178.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432728/; classtype:trojan-activity;sid:84295828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.144.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432726/; classtype:trojan-activity;sid:84295826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.3.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432725/; classtype:trojan-activity;sid:84295825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.9.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432724/; classtype:trojan-activity;sid:84295824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432717/; classtype:trojan-activity;sid:84295817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432718)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.167.204.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432718/; classtype:trojan-activity;sid:84295818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432719/; classtype:trojan-activity;sid:84295819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.101.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432720/; classtype:trojan-activity;sid:84295820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.143.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432721/; classtype:trojan-activity;sid:84295821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.197.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432722/; classtype:trojan-activity;sid:84295822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.35.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432723/; classtype:trojan-activity;sid:84295823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.10.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432716/; classtype:trojan-activity;sid:84295816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432714)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.200.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432714/; classtype:trojan-activity;sid:84295814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432715/; classtype:trojan-activity;sid:84295815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.247.52.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432713/; classtype:trojan-activity;sid:84295813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.110.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432711/; classtype:trojan-activity;sid:84295811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.119.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432712/; classtype:trojan-activity;sid:84295812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.28.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432708/; classtype:trojan-activity;sid:84295808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.165.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432709/; classtype:trojan-activity;sid:84295809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.156.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432710/; classtype:trojan-activity;sid:84295810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.65.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432707/; classtype:trojan-activity;sid:84295807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.217.188.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432706/; classtype:trojan-activity;sid:84295806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.195.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432705/; classtype:trojan-activity;sid:84295805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.16.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432704/; classtype:trojan-activity;sid:84295804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.143.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432703/; classtype:trojan-activity;sid:84295803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.88.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432702/; classtype:trojan-activity;sid:84295802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.2.121"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432701/; classtype:trojan-activity;sid:84295801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.35.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432700/; classtype:trojan-activity;sid:84295800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.204.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432699/; classtype:trojan-activity;sid:84295799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.153.140.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432698/; classtype:trojan-activity;sid:84295798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.21.175.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432697/; classtype:trojan-activity;sid:84295797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.206.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432696/; classtype:trojan-activity;sid:84295796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.22.222.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432695/; classtype:trojan-activity;sid:84295795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.205.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432694/; classtype:trojan-activity;sid:84295794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.227.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432693/; classtype:trojan-activity;sid:84295793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.226.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432692/; classtype:trojan-activity;sid:84295792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.13.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432690/; classtype:trojan-activity;sid:84295790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.7.130"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432691/; classtype:trojan-activity;sid:84295791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.251.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432689/; classtype:trojan-activity;sid:84295789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.244.141.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432688/; classtype:trojan-activity;sid:84295788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.147.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432687/; classtype:trojan-activity;sid:84295787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.217.188.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432686/; classtype:trojan-activity;sid:84295786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.3.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432685/; classtype:trojan-activity;sid:84295785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.65.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432684/; classtype:trojan-activity;sid:84295784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.248.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432683/; classtype:trojan-activity;sid:84295783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.204.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432682/; classtype:trojan-activity;sid:84295782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.25.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432681/; classtype:trojan-activity;sid:84295781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.70.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432680/; classtype:trojan-activity;sid:84295780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.9.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432679/; classtype:trojan-activity;sid:84295779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.39.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432678/; classtype:trojan-activity;sid:84295778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.120.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432676/; classtype:trojan-activity;sid:84295776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432677)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"161.248.54.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432677/; classtype:trojan-activity;sid:84295777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.143.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432675/; classtype:trojan-activity;sid:84295775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432674/; classtype:trojan-activity;sid:84295774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.88.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432673/; classtype:trojan-activity;sid:84295773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.232.73.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432672/; classtype:trojan-activity;sid:84295772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.147.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432671/; classtype:trojan-activity;sid:84295771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.153.140.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432670/; classtype:trojan-activity;sid:84295770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.25.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432669/; classtype:trojan-activity;sid:84295769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.150.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432668/; classtype:trojan-activity;sid:84295768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.227.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432667/; classtype:trojan-activity;sid:84295767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.18.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432666/; classtype:trojan-activity;sid:84295766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.120.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432665/; classtype:trojan-activity;sid:84295765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.70.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432664/; classtype:trojan-activity;sid:84295764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.53.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432663/; classtype:trojan-activity;sid:84295763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.13.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432662/; classtype:trojan-activity;sid:84295762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432661/; classtype:trojan-activity;sid:84295761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.248.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432660/; classtype:trojan-activity;sid:84295760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.86.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432659/; classtype:trojan-activity;sid:84295759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.191.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432658/; classtype:trojan-activity;sid:84295758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432657/; classtype:trojan-activity;sid:84295757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.122.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432656/; classtype:trojan-activity;sid:84295756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.39.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432655/; classtype:trojan-activity;sid:84295755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.203.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432654/; classtype:trojan-activity;sid:84295754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432653/; classtype:trojan-activity;sid:84295753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.150.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432652/; classtype:trojan-activity;sid:84295752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.53.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432650/; classtype:trojan-activity;sid:84295750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.70.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432651/; classtype:trojan-activity;sid:84295751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.251.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432649/; classtype:trojan-activity;sid:84295749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.86.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432648/; classtype:trojan-activity;sid:84295748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.13.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432647/; classtype:trojan-activity;sid:84295747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.191.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432646/; classtype:trojan-activity;sid:84295746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.114.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432645/; classtype:trojan-activity;sid:84295745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.79.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432644/; classtype:trojan-activity;sid:84295744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432643/; classtype:trojan-activity;sid:84295743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432642/; classtype:trojan-activity;sid:84295742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.7.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432641/; classtype:trojan-activity;sid:84295741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.203.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432640/; classtype:trojan-activity;sid:84295740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.221.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432639/; classtype:trojan-activity;sid:84295739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432638)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.69.40.49"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432638/; classtype:trojan-activity;sid:84295738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.251.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432637/; classtype:trojan-activity;sid:84295737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.114.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432636/; classtype:trojan-activity;sid:84295736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.13.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432634/; classtype:trojan-activity;sid:84295734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.248.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432635/; classtype:trojan-activity;sid:84295735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432633)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"160.22.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432633/; classtype:trojan-activity;sid:84295733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432624)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"160.22.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432624/; classtype:trojan-activity;sid:84295724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432625)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.22.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432625/; classtype:trojan-activity;sid:84295725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432626)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"160.22.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432626/; classtype:trojan-activity;sid:84295726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432627)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"160.22.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432627/; classtype:trojan-activity;sid:84295727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432628)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"160.22.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432628/; classtype:trojan-activity;sid:84295728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432629)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.22.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432629/; classtype:trojan-activity;sid:84295729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432630)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.22.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432630/; classtype:trojan-activity;sid:84295730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432631)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.22.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432631/; classtype:trojan-activity;sid:84295731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432632)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.22.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432632/; classtype:trojan-activity;sid:84295732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.97.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432623/; classtype:trojan-activity;sid:84295723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.217.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432622/; classtype:trojan-activity;sid:84295722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.189.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432621/; classtype:trojan-activity;sid:84295721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.162.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432620/; classtype:trojan-activity;sid:84295720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.104.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432619/; classtype:trojan-activity;sid:84295719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.196.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432618/; classtype:trojan-activity;sid:84295718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.90.102.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432617/; classtype:trojan-activity;sid:84295717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.97.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432616/; classtype:trojan-activity;sid:84295716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.93.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432615/; classtype:trojan-activity;sid:84295715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.248.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432614/; classtype:trojan-activity;sid:84295714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.106.136.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432612/; classtype:trojan-activity;sid:84295712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.109.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432613/; classtype:trojan-activity;sid:84295713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.0.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432611/; classtype:trojan-activity;sid:84295711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.94.223.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432610/; classtype:trojan-activity;sid:84295710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.84.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432609/; classtype:trojan-activity;sid:84295709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.52.142.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432608/; classtype:trojan-activity;sid:84295708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.114.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432607/; classtype:trojan-activity;sid:84295707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.21.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432606/; classtype:trojan-activity;sid:84295706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432605/; classtype:trojan-activity;sid:84295705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.169.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432604/; classtype:trojan-activity;sid:84295704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.47.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432603/; classtype:trojan-activity;sid:84295703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.7.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432602/; classtype:trojan-activity;sid:84295702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432601)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.73.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432601/; classtype:trojan-activity;sid:84295701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.20.3.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432600/; classtype:trojan-activity;sid:84295700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.36.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432599/; classtype:trojan-activity;sid:84295699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.206.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432598/; classtype:trojan-activity;sid:84295698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.219.1.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432596/; classtype:trojan-activity;sid:84295696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.87.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432597/; classtype:trojan-activity;sid:84295697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.84.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432595/; classtype:trojan-activity;sid:84295695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.111.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432594/; classtype:trojan-activity;sid:84295694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.106.136.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432593/; classtype:trojan-activity;sid:84295693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.3.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432592/; classtype:trojan-activity;sid:84295692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432591/; classtype:trojan-activity;sid:84295691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.19.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432590/; classtype:trojan-activity;sid:84295690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.82.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432589/; classtype:trojan-activity;sid:84295689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.94.223.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432587/; classtype:trojan-activity;sid:84295687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.75.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432588/; classtype:trojan-activity;sid:84295688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.219.1.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432586/; classtype:trojan-activity;sid:84295686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.153.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432585/; classtype:trojan-activity;sid:84295685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432584/; classtype:trojan-activity;sid:84295684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.90.102.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432583/; classtype:trojan-activity;sid:84295683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.215.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432582/; classtype:trojan-activity;sid:84295682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.169.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432581/; classtype:trojan-activity;sid:84295681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.215.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432580/; classtype:trojan-activity;sid:84295680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.138.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432579/; classtype:trojan-activity;sid:84295679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.0.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432578/; classtype:trojan-activity;sid:84295678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.87.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432577/; classtype:trojan-activity;sid:84295677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.47.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432576/; classtype:trojan-activity;sid:84295676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.234.159.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432575/; classtype:trojan-activity;sid:84295675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.111.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432574/; classtype:trojan-activity;sid:84295674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"99.215.111.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432573/; classtype:trojan-activity;sid:84295673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.170.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432572/; classtype:trojan-activity;sid:84295672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.172.69.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432570/; classtype:trojan-activity;sid:84295670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.138.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432571/; classtype:trojan-activity;sid:84295671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432569/; classtype:trojan-activity;sid:84295669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.125.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432568/; classtype:trojan-activity;sid:84295668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.111.185.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432567/; classtype:trojan-activity;sid:84295667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.233.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432566/; classtype:trojan-activity;sid:84295666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.156.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432565/; classtype:trojan-activity;sid:84295665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.74.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432564/; classtype:trojan-activity;sid:84295664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.103.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432563/; classtype:trojan-activity;sid:84295663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.210.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432562/; classtype:trojan-activity;sid:84295662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.252.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432561/; classtype:trojan-activity;sid:84295661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.3.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432560/; classtype:trojan-activity;sid:84295660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.86.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432559/; classtype:trojan-activity;sid:84295659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432558)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.191.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432558/; classtype:trojan-activity;sid:84295658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.86.112.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432557/; classtype:trojan-activity;sid:84295657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.19.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432556/; classtype:trojan-activity;sid:84295656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.107.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3432555/; classtype:trojan-activity;sid:84295655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.49.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432554/; classtype:trojan-activity;sid:84295654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.99.103"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432553/; classtype:trojan-activity;sid:84295653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.111.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432552/; classtype:trojan-activity;sid:84295652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.59.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432551/; classtype:trojan-activity;sid:84295651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.5.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432549/; classtype:trojan-activity;sid:84295649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.31.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432550/; classtype:trojan-activity;sid:84295650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"99.215.111.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432548/; classtype:trojan-activity;sid:84295648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.122.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432546/; classtype:trojan-activity;sid:84295646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.233.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432547/; classtype:trojan-activity;sid:84295647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.27.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432545/; classtype:trojan-activity;sid:84295645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.67.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432544/; classtype:trojan-activity;sid:84295644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432543)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.37.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432543/; classtype:trojan-activity;sid:84295643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.43.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432541/; classtype:trojan-activity;sid:84295641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.172.69.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432542/; classtype:trojan-activity;sid:84295642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.28.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432540/; classtype:trojan-activity;sid:84295640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.233.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432539/; classtype:trojan-activity;sid:84295639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.37.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432538/; classtype:trojan-activity;sid:84295638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.78.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432537/; classtype:trojan-activity;sid:84295637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.111.185.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432536/; classtype:trojan-activity;sid:84295636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.177.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432535/; classtype:trojan-activity;sid:84295635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432533)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.93.47.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432533/; classtype:trojan-activity;sid:84295633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.204.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432534/; classtype:trojan-activity;sid:84295634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.248.12.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432532/; classtype:trojan-activity;sid:84295632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.36.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432531/; classtype:trojan-activity;sid:84295631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.49.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432530/; classtype:trojan-activity;sid:84295630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.24.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432529/; classtype:trojan-activity;sid:84295629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.99.103"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432528/; classtype:trojan-activity;sid:84295628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.59.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432527/; classtype:trojan-activity;sid:84295627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.247.80.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432526/; classtype:trojan-activity;sid:84295626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.1.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432525/; classtype:trojan-activity;sid:84295625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.107.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432524/; classtype:trojan-activity;sid:84295624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.174.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432523/; classtype:trojan-activity;sid:84295623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.57.1.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432522/; classtype:trojan-activity;sid:84295622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.98.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432521/; classtype:trojan-activity;sid:84295621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.5.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432520/; classtype:trojan-activity;sid:84295620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.254.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432519/; classtype:trojan-activity;sid:84295619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.31.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432518/; classtype:trojan-activity;sid:84295618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.28.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432517/; classtype:trojan-activity;sid:84295617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432515)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.186.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432515/; classtype:trojan-activity;sid:84295615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432516)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.207.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432516/; classtype:trojan-activity;sid:84295616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.67.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432514/; classtype:trojan-activity;sid:84295614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.75.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432513/; classtype:trojan-activity;sid:84295613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.37.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432512/; classtype:trojan-activity;sid:84295612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.177.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432511/; classtype:trojan-activity;sid:84295611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.24.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432510/; classtype:trojan-activity;sid:84295610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.13.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432509/; classtype:trojan-activity;sid:84295609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.178.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432508/; classtype:trojan-activity;sid:84295608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.247.80.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432507/; classtype:trojan-activity;sid:84295607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432505/; classtype:trojan-activity;sid:84295605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.238.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432506/; classtype:trojan-activity;sid:84295606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.57.1.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432504/; classtype:trojan-activity;sid:84295604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.29.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432503/; classtype:trojan-activity;sid:84295603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.123.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432502/; classtype:trojan-activity;sid:84295602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.140.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432500/; classtype:trojan-activity;sid:84295600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.47.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432501/; classtype:trojan-activity;sid:84295601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.3.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432499/; classtype:trojan-activity;sid:84295599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.206.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432498/; classtype:trojan-activity;sid:84295598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.122.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432497/; classtype:trojan-activity;sid:84295597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.238.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432496/; classtype:trojan-activity;sid:84295596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.132.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432495/; classtype:trojan-activity;sid:84295595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.33.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432492/; classtype:trojan-activity;sid:84295592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432493)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.74.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432493/; classtype:trojan-activity;sid:84295593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432494)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.30.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432494/; classtype:trojan-activity;sid:84295594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.29.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432491/; classtype:trojan-activity;sid:84295591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.118.141.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432490/; classtype:trojan-activity;sid:84295590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.197.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432489/; classtype:trojan-activity;sid:84295589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.122.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432487/; classtype:trojan-activity;sid:84295587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.4.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432488/; classtype:trojan-activity;sid:84295588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.22.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432486/; classtype:trojan-activity;sid:84295586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.77.17.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432485/; classtype:trojan-activity;sid:84295585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.33.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432484/; classtype:trojan-activity;sid:84295584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432483)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.55.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432483/; classtype:trojan-activity;sid:84295583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432482)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.37.17.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432482/; classtype:trojan-activity;sid:84295582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432481)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.48.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432481/; classtype:trojan-activity;sid:84295581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.136.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432480/; classtype:trojan-activity;sid:84295580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.114.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432479/; classtype:trojan-activity;sid:84295579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.92.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432477/; classtype:trojan-activity;sid:84295577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.88.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432478/; classtype:trojan-activity;sid:84295578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.118.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432476/; classtype:trojan-activity;sid:84295576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.176.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432475/; classtype:trojan-activity;sid:84295575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.197.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432474/; classtype:trojan-activity;sid:84295574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432473)"; flow:established,from_client; content:"GET"; http_method; content:"/99/creambestthingswhichnevergivebestthingsevergive.txt"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"217.160.163.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432473/; classtype:trojan-activity;sid:84295573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432471)"; flow:established,from_client; content:"GET"; http_method; content:"/772/createdbestbeautifulthingswithbestgoodthings.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"104.168.7.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432471/; classtype:trojan-activity;sid:84295571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432472)"; flow:established,from_client; content:"GET"; http_method; content:"/img/xworm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"191.96.78.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432472/; classtype:trojan-activity;sid:84295572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.118.141.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432470/; classtype:trojan-activity;sid:84295570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.49.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432469/; classtype:trojan-activity;sid:84295569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.77.17.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432468/; classtype:trojan-activity;sid:84295568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.214.231.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432467/; classtype:trojan-activity;sid:84295567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.4.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432466/; classtype:trojan-activity;sid:84295566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.22.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432465/; classtype:trojan-activity;sid:84295565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.181.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432464/; classtype:trojan-activity;sid:84295564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.136.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432463/; classtype:trojan-activity;sid:84295563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.206.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432462/; classtype:trojan-activity;sid:84295562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.231.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432460/; classtype:trojan-activity;sid:84295560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.92.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432461/; classtype:trojan-activity;sid:84295561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432459)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.83.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432459/; classtype:trojan-activity;sid:84295559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432458)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.239.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432458/; classtype:trojan-activity;sid:84295558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.93.47.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432457/; classtype:trojan-activity;sid:84295557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.244.141.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432456/; classtype:trojan-activity;sid:84295556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.188.91.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432455/; classtype:trojan-activity;sid:84295555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.88.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432453/; classtype:trojan-activity;sid:84295553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.25.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432454/; classtype:trojan-activity;sid:84295554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.68.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432452/; classtype:trojan-activity;sid:84295552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.171.34.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432451/; classtype:trojan-activity;sid:84295551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.176.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432450/; classtype:trojan-activity;sid:84295550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.219.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432449/; classtype:trojan-activity;sid:84295549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.213.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432448/; classtype:trojan-activity;sid:84295548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.94.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432447/; classtype:trojan-activity;sid:84295547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.101.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432446/; classtype:trojan-activity;sid:84295546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.193.63.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432445/; classtype:trojan-activity;sid:84295545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.122.255.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432444/; classtype:trojan-activity;sid:84295544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.43.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432443/; classtype:trojan-activity;sid:84295543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.127.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432442/; classtype:trojan-activity;sid:84295542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.27.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432441/; classtype:trojan-activity;sid:84295541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.98.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432440/; classtype:trojan-activity;sid:84295540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.219.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432439/; classtype:trojan-activity;sid:84295539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.68.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432438/; classtype:trojan-activity;sid:84295538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.230.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432436/; classtype:trojan-activity;sid:84295536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.213.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432437/; classtype:trojan-activity;sid:84295537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.101.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432435/; classtype:trojan-activity;sid:84295535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432434)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.40.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432434/; classtype:trojan-activity;sid:84295534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432432)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.249.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432432/; classtype:trojan-activity;sid:84295532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432433)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.183.60.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432433/; classtype:trojan-activity;sid:84295533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432430)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432430/; classtype:trojan-activity;sid:84295530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432431)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.163.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432431/; classtype:trojan-activity;sid:84295531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.51.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432428/; classtype:trojan-activity;sid:84295528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432429)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.229.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432429/; classtype:trojan-activity;sid:84295529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432427)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.120.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432427/; classtype:trojan-activity;sid:84295527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432426)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.211.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432426/; classtype:trojan-activity;sid:84295526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.10.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432425/; classtype:trojan-activity;sid:84295525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432424)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432424/; classtype:trojan-activity;sid:84295524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432423)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/client.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ggnmcomas.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432423/; classtype:trojan-activity;sid:84295523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432421)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/client.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gmoosomnoem.site"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432421/; classtype:trojan-activity;sid:84295521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432422)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/client.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gmnormails.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432422/; classtype:trojan-activity;sid:84295522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432420)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/client.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mncomgom.site"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432420/; classtype:trojan-activity;sid:84295520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432419)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/client.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"nasanecesoi.site"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432419/; classtype:trojan-activity;sid:84295519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432418)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/client.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gmoocsoom.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432418/; classtype:trojan-activity;sid:84295518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432417)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/client.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"updatetiker.site"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432417/; classtype:trojan-activity;sid:84295517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432416)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/dev.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"updatetiker.site"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432416/; classtype:trojan-activity;sid:84295516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432415)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/test.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"updatetiker.site"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432415/; classtype:trojan-activity;sid:84295515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432414)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/client.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gmcomamz.site"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432414/; classtype:trojan-activity;sid:84295514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432413)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/client.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gsoonmann.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432413/; classtype:trojan-activity;sid:84295513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432412)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/client.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.32.138.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432412/; classtype:trojan-activity;sid:84295512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432410)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/client.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"namerowem.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432410/; classtype:trojan-activity;sid:84295510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432411)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/client.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gmoonsom.site"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432411/; classtype:trojan-activity;sid:84295511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432409)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/dev.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gmoonsom.site"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432409/; classtype:trojan-activity;sid:84295509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432404)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/dev.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gsoonmann.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432404/; classtype:trojan-activity;sid:84295504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432405)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/dev.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gmoosomnoem.site"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432405/; classtype:trojan-activity;sid:84295505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432406)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/dev.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ggnmcomas.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432406/; classtype:trojan-activity;sid:84295506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432407)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/dev.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"nasanecesoi.site"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432407/; classtype:trojan-activity;sid:84295507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432408)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/dev.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gmnormails.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432408/; classtype:trojan-activity;sid:84295508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432398)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/test.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"namerowem.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432398/; classtype:trojan-activity;sid:84295498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432399)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/test.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"nasanecesoi.site"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432399/; classtype:trojan-activity;sid:84295499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432400)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/test.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"gmnormails.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432400/; classtype:trojan-activity;sid:84295500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432401)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/test.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ggnmcomas.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432401/; classtype:trojan-activity;sid:84295501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432402)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/test.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"gsoonmann.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432402/; classtype:trojan-activity;sid:84295502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432403)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/dev.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gmcomamz.site"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432403/; classtype:trojan-activity;sid:84295503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432390)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/test.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mncomgom.site"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432390/; classtype:trojan-activity;sid:84295490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432391)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/dev.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"152.32.138.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432391/; classtype:trojan-activity;sid:84295491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432392)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/dev.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mncomgom.site"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432392/; classtype:trojan-activity;sid:84295492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432393)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/dev.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gmoocsoom.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432393/; classtype:trojan-activity;sid:84295493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432394)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/dev.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"namerowem.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432394/; classtype:trojan-activity;sid:84295494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432395)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/dev.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gmgnsecmoi.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432395/; classtype:trojan-activity;sid:84295495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432396)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/test.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"gmcomamz.site"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432396/; classtype:trojan-activity;sid:84295496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432397)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/test.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"gmoocsoom.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432397/; classtype:trojan-activity;sid:84295497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432387)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/test.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"152.32.138.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432387/; classtype:trojan-activity;sid:84295487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432388)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/test.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"gmoosomnoem.site"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432388/; classtype:trojan-activity;sid:84295488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432389)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/test.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"gmoonsom.site"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432389/; classtype:trojan-activity;sid:84295489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432385)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/test.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"gmgnsecmoi.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432385/; classtype:trojan-activity;sid:84295485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432386)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/client.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gmgnsecmoi.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432386/; classtype:trojan-activity;sid:84295486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.172.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432384/; classtype:trojan-activity;sid:84295484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.98.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432383/; classtype:trojan-activity;sid:84295483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.230.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432382/; classtype:trojan-activity;sid:84295482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.252.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432381/; classtype:trojan-activity;sid:84295481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.43.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432380/; classtype:trojan-activity;sid:84295480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.217.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432379/; classtype:trojan-activity;sid:84295479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.135.156.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432378/; classtype:trojan-activity;sid:84295478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.0.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432377/; classtype:trojan-activity;sid:84295477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.60.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432376/; classtype:trojan-activity;sid:84295476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.82.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432375/; classtype:trojan-activity;sid:84295475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.87.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432374/; classtype:trojan-activity;sid:84295474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.238.189.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432373/; classtype:trojan-activity;sid:84295473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.98.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432372/; classtype:trojan-activity;sid:84295472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.87.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432371/; classtype:trojan-activity;sid:84295471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.98.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432370/; classtype:trojan-activity;sid:84295470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.172.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432369/; classtype:trojan-activity;sid:84295469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.196.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432368/; classtype:trojan-activity;sid:84295468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.6.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432367/; classtype:trojan-activity;sid:84295467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.68.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432366/; classtype:trojan-activity;sid:84295466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432365/; classtype:trojan-activity;sid:84295465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.252.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432364/; classtype:trojan-activity;sid:84295464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.136.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432363/; classtype:trojan-activity;sid:84295463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.135.156.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432361/; classtype:trojan-activity;sid:84295461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.68.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432362/; classtype:trojan-activity;sid:84295462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432360)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.94.193.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432360/; classtype:trojan-activity;sid:84295460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.253.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432359/; classtype:trojan-activity;sid:84295459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.82.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432358/; classtype:trojan-activity;sid:84295458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.49.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432357/; classtype:trojan-activity;sid:84295457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.141.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432356/; classtype:trojan-activity;sid:84295456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432355/; classtype:trojan-activity;sid:84295455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.29.127"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432354/; classtype:trojan-activity;sid:84295454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.135.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432352/; classtype:trojan-activity;sid:84295452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.160.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432353/; classtype:trojan-activity;sid:84295453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.193.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432351/; classtype:trojan-activity;sid:84295451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.135.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432350/; classtype:trojan-activity;sid:84295450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432349)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.101.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432349/; classtype:trojan-activity;sid:84295449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432347)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.144.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432347/; classtype:trojan-activity;sid:84295447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.149.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432348/; classtype:trojan-activity;sid:84295448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.193.63.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432346/; classtype:trojan-activity;sid:84295446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432344)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.12.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432344/; classtype:trojan-activity;sid:84295444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.78.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432345/; classtype:trojan-activity;sid:84295445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.49.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432343/; classtype:trojan-activity;sid:84295443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.88.176.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432342/; classtype:trojan-activity;sid:84295442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.29.127"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432341/; classtype:trojan-activity;sid:84295441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.196.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432340/; classtype:trojan-activity;sid:84295440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.79.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432339/; classtype:trojan-activity;sid:84295439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432338)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.76.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432338/; classtype:trojan-activity;sid:84295438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.168.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432337/; classtype:trojan-activity;sid:84295437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.190.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432336/; classtype:trojan-activity;sid:84295436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.214.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432335/; classtype:trojan-activity;sid:84295435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.31.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432334/; classtype:trojan-activity;sid:84295434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.193.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432333/; classtype:trojan-activity;sid:84295433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432332)"; flow:established,from_client; content:"GET"; http_method; content:"/masjesuscan"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432332/; classtype:trojan-activity;sid:84295432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432326)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spim"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432326/; classtype:trojan-activity;sid:84295426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432327)"; flow:established,from_client; content:"GET"; http_method; content:"/spim"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432327/; classtype:trojan-activity;sid:84295427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432328)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/686i"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432328/; classtype:trojan-activity;sid:84295428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432329)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lespim"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432329/; classtype:trojan-activity;sid:84295429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432330)"; flow:established,from_client; content:"GET"; http_method; content:"/scan.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432330/; classtype:trojan-activity;sid:84295430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432331)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/k86m"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432331/; classtype:trojan-activity;sid:84295431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.14.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432325/; classtype:trojan-activity;sid:84295425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432324)"; flow:established,from_client; content:"GET"; http_method; content:"/spim"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432324/; classtype:trojan-activity;sid:84295424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.101.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432323/; classtype:trojan-activity;sid:84295423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.245.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432322/; classtype:trojan-activity;sid:84295422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432320)"; flow:established,from_client; content:"GET"; http_method; content:"/.shell"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432320/; classtype:trojan-activity;sid:84295420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432321)"; flow:established,from_client; content:"GET"; http_method; content:"/.shell"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432321/; classtype:trojan-activity;sid:84295421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.121.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432319/; classtype:trojan-activity;sid:84295419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432318/; classtype:trojan-activity;sid:84295418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.149.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432317/; classtype:trojan-activity;sid:84295417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432315)"; flow:established,from_client; content:"GET"; http_method; content:"/payload1.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"173.214.227.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432315/; classtype:trojan-activity;sid:84295415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.79.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432316/; classtype:trojan-activity;sid:84295416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.79.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432314/; classtype:trojan-activity;sid:84295414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432313)"; flow:established,from_client; content:"GET"; http_method; content:"/important_update_0924_571c1_hks.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"convince.b-cdn.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432313/; classtype:trojan-activity;sid:84295413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432312)"; flow:established,from_client; content:"GET"; http_method; content:"/important_update_1024_564a51_cj10403_hks.apk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"prayer.b-cdn.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432312/; classtype:trojan-activity;sid:84295412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432311)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.204.104.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432311/; classtype:trojan-activity;sid:84295411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432310/; classtype:trojan-activity;sid:84295410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.216.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432308/; classtype:trojan-activity;sid:84295408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.246.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432309/; classtype:trojan-activity;sid:84295409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.14.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432307/; classtype:trojan-activity;sid:84295407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.226.168.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432306/; classtype:trojan-activity;sid:84295406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.93.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432305/; classtype:trojan-activity;sid:84295405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.101.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432304/; classtype:trojan-activity;sid:84295404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.140.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432303/; classtype:trojan-activity;sid:84295403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.121.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432302/; classtype:trojan-activity;sid:84295402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.162.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432301/; classtype:trojan-activity;sid:84295401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432300)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.196.183.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432300/; classtype:trojan-activity;sid:84295400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.217.187.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432299/; classtype:trojan-activity;sid:84295399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.94.211.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432298/; classtype:trojan-activity;sid:84295398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.3.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432297/; classtype:trojan-activity;sid:84295397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432296)"; flow:established,from_client; content:"GET"; http_method; content:"/guest.bat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.151.248.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432296/; classtype:trojan-activity;sid:84295396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.239.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432295/; classtype:trojan-activity;sid:84295395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.168.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432294/; classtype:trojan-activity;sid:84295394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.166.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432293/; classtype:trojan-activity;sid:84295393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.214.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432292/; classtype:trojan-activity;sid:84295392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.117.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432291/; classtype:trojan-activity;sid:84295391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.20.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432290/; classtype:trojan-activity;sid:84295390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.28.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432289/; classtype:trojan-activity;sid:84295389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.132.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432288/; classtype:trojan-activity;sid:84295388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.93.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432287/; classtype:trojan-activity;sid:84295387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.130.141.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432286/; classtype:trojan-activity;sid:84295386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.94.211.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432285/; classtype:trojan-activity;sid:84295385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.217.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432284/; classtype:trojan-activity;sid:84295384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.253.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432283/; classtype:trojan-activity;sid:84295383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432282)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432282/; classtype:trojan-activity;sid:84295382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.166.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432281/; classtype:trojan-activity;sid:84295381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.239.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432280/; classtype:trojan-activity;sid:84295380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.28.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432279/; classtype:trojan-activity;sid:84295379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.87.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432278/; classtype:trojan-activity;sid:84295378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.253.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432276/; classtype:trojan-activity;sid:84295376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.36.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432277/; classtype:trojan-activity;sid:84295377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432275)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.13.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432275/; classtype:trojan-activity;sid:84295375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432274)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.5.1.195"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432274/; classtype:trojan-activity;sid:84295374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432273)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.247.52.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432273/; classtype:trojan-activity;sid:84295373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.154.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432272/; classtype:trojan-activity;sid:84295372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.249.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432271/; classtype:trojan-activity;sid:84295371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.103.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432270/; classtype:trojan-activity;sid:84295370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.244.91.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432269/; classtype:trojan-activity;sid:84295369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.141.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432268/; classtype:trojan-activity;sid:84295368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.187.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432267/; classtype:trojan-activity;sid:84295367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.119.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432265/; classtype:trojan-activity;sid:84295365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.13.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432266/; classtype:trojan-activity;sid:84295366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.118.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432264/; classtype:trojan-activity;sid:84295364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.84.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432263/; classtype:trojan-activity;sid:84295363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.123.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432261/; classtype:trojan-activity;sid:84295361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.200.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432260/; classtype:trojan-activity;sid:84295360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.227.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432259/; classtype:trojan-activity;sid:84295359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.30.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432258/; classtype:trojan-activity;sid:84295358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432256)"; flow:established,from_client; content:"GET"; http_method; content:"/comand.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"65.109.179.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432256/; classtype:trojan-activity;sid:84295356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432257)"; flow:established,from_client; content:"GET"; http_method; content:"/co.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"65.109.179.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432257/; classtype:trojan-activity;sid:84295357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432242)"; flow:established,from_client; content:"GET"; http_method; content:"/keylogger.py"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.187.140.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432242/; classtype:trojan-activity;sid:84295342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432243)"; flow:established,from_client; content:"GET"; http_method; content:"/stagers/bdq.py"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.187.140.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432243/; classtype:trojan-activity;sid:84295343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432244)"; flow:established,from_client; content:"GET"; http_method; content:"/packetsniffer.py"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"89.187.140.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432244/; classtype:trojan-activity;sid:84295344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432245)"; flow:established,from_client; content:"GET"; http_method; content:"/process.py"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.187.140.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432245/; classtype:trojan-activity;sid:84295345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432246)"; flow:established,from_client; content:"GET"; http_method; content:"/persistence.py"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.187.140.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432246/; classtype:trojan-activity;sid:84295346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432247)"; flow:established,from_client; content:"GET"; http_method; content:"/escalate.py"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.187.140.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432247/; classtype:trojan-activity;sid:84295347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432248)"; flow:established,from_client; content:"GET"; http_method; content:"/outlook.py"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.187.140.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432248/; classtype:trojan-activity;sid:84295348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432249)"; flow:established,from_client; content:"GET"; http_method; content:"/portscanner.py"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.187.140.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432249/; classtype:trojan-activity;sid:84295349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432250)"; flow:established,from_client; content:"GET"; http_method; content:"/obfuscated25.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"151.95.147.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432250/; classtype:trojan-activity;sid:84295350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432251)"; flow:established,from_client; content:"GET"; http_method; content:"/payloads/bdq.py"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.187.140.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432251/; classtype:trojan-activity;sid:84295351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432252)"; flow:established,from_client; content:"GET"; http_method; content:"/ladon1.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"107.151.248.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432252/; classtype:trojan-activity;sid:84295352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432253)"; flow:established,from_client; content:"GET"; http_method; content:"/ladon.ps1"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.151.248.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432253/; classtype:trojan-activity;sid:84295353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432254)"; flow:established,from_client; content:"GET"; http_method; content:"/a.ps1"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.151.248.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432254/; classtype:trojan-activity;sid:84295354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.244.91.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432241/; classtype:trojan-activity;sid:84295341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.236.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432240/; classtype:trojan-activity;sid:84295340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.61.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432239/; classtype:trojan-activity;sid:84295339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.69.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432238/; classtype:trojan-activity;sid:84295338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.20.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432237/; classtype:trojan-activity;sid:84295337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432236)"; flow:established,from_client; content:"GET"; http_method; content:"/fvcz/xr.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"oshi.at"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432236/; classtype:trojan-activity;sid:84295336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432235)"; flow:established,from_client; content:"GET"; http_method; content:"/qbds/payload.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"oshi.at"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432235/; classtype:trojan-activity;sid:84295335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432234)"; flow:established,from_client; content:"GET"; http_method; content:"/dyexja/raw/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.pastery.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432234/; classtype:trojan-activity;sid:84295334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432233)"; flow:established,from_client; content:"GET"; http_method; content:"/minir.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.8.78.172"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432233/; classtype:trojan-activity;sid:84295333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432232)"; flow:established,from_client; content:"GET"; http_method; content:"/zddtxxyxb.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"117.72.36.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432232/; classtype:trojan-activity;sid:84295332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432231)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig_win32"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.187.140.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432231/; classtype:trojan-activity;sid:84295331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432227)"; flow:established,from_client; content:"GET"; http_method; content:"/lokelo1488/ss11/raw/refs/heads/main/loader.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432227/; classtype:trojan-activity;sid:84295327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432228)"; flow:established,from_client; content:"GET"; http_method; content:"/lokelo1488/ss11/refs/heads/main/loader.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432228/; classtype:trojan-activity;sid:84295328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432229)"; flow:established,from_client; content:"GET"; http_method; content:"/iamgens/update50.cpl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"mcpperformance.com.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432229/; classtype:trojan-activity;sid:84295329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432230)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig_linux2"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"89.187.140.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432230/; classtype:trojan-activity;sid:84295330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432225)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig_darwin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"89.187.140.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432225/; classtype:trojan-activity;sid:84295325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432226)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1113209401/cbenu75.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432226/; classtype:trojan-activity;sid:84295326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432223)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/refs/heads/main/3.bin"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432223/; classtype:trojan-activity;sid:84295323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432224)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/refs/heads/main/key.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432224/; classtype:trojan-activity;sid:84295324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432218)"; flow:established,from_client; content:"GET"; http_method; content:"/totallysafe.msi"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"151.95.147.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432218/; classtype:trojan-activity;sid:84295318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432219)"; flow:established,from_client; content:"GET"; http_method; content:"/stcl.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.88.203.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432219/; classtype:trojan-activity;sid:84295319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432220)"; flow:established,from_client; content:"GET"; http_method; content:"/untitled2.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"46.8.78.172"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432220/; classtype:trojan-activity;sid:84295320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432221)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/refs/heads/main/11.bin"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432221/; classtype:trojan-activity;sid:84295321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432222)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/refs/heads/main/sil.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432222/; classtype:trojan-activity;sid:84295322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432216)"; flow:established,from_client; content:"GET"; http_method; content:"/overassertively.vbs"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"31.57.166.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432216/; classtype:trojan-activity;sid:84295316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432217)"; flow:established,from_client; content:"GET"; http_method; content:"/files/osint1618/random.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432217/; classtype:trojan-activity;sid:84295317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432215)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6691015685/bjkm5he.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432215/; classtype:trojan-activity;sid:84295315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432213)"; flow:established,from_client; content:"GET"; http_method; content:"/stage1.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"151.95.147.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432213/; classtype:trojan-activity;sid:84295313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432214)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6875802221/1awhjsy.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432214/; classtype:trojan-activity;sid:84295314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432210)"; flow:established,from_client; content:"GET"; http_method; content:"/64.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432210/; classtype:trojan-activity;sid:84295310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432182)"; flow:established,from_client; content:"GET"; http_method; content:"/files/748049926/wat9yyf.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432182/; classtype:trojan-activity;sid:84295282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432184)"; flow:established,from_client; content:"GET"; http_method; content:"/off.ps1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"151.95.147.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432184/; classtype:trojan-activity;sid:84295284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432185)"; flow:established,from_client; content:"GET"; http_method; content:"/772/wefc/createdbestbeautifulthingswithbestgoodthings.hta"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.168.7.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432185/; classtype:trojan-activity;sid:84295285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432192)"; flow:established,from_client; content:"GET"; http_method; content:"/zddtxxyxb.py"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"117.72.36.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432192/; classtype:trojan-activity;sid:84295292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432176)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1113209401/wbufh9v.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432176/; classtype:trojan-activity;sid:84295276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432177)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7133380843/unwp7cl.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432177/; classtype:trojan-activity;sid:84295277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432178)"; flow:established,from_client; content:"GET"; http_method; content:"/afkrfte.cmd"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.57.166.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432178/; classtype:trojan-activity;sid:84295278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432179)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/login.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432179/; classtype:trojan-activity;sid:84295279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432180)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6200055128/pg5mxbe.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432180/; classtype:trojan-activity;sid:84295280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432175)"; flow:established,from_client; content:"GET"; http_method; content:"/ufcu/streamingwealth/ssl.jpg"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"ilimed.ro"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432175/; classtype:trojan-activity;sid:84295275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432174)"; flow:established,from_client; content:"GET"; http_method; content:"/ufcu/streamingwealth/onedrives.bin"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"ilimed.ro"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432174/; classtype:trojan-activity;sid:84295274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432172)"; flow:established,from_client; content:"GET"; http_method; content:"/ufcu/streamingwealth/backupplan.jpg"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"ilimed.ro"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432172/; classtype:trojan-activity;sid:84295272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432173)"; flow:established,from_client; content:"GET"; http_method; content:"/ufcu/streamingwealth/onetribe.bin"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"ilimed.ro"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432173/; classtype:trojan-activity;sid:84295273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432170)"; flow:established,from_client; content:"GET"; http_method; content:"/ufcu/streamingwealth/onedrives.vbs"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"ilimed.ro"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432170/; classtype:trojan-activity;sid:84295270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432171)"; flow:established,from_client; content:"GET"; http_method; content:"/ufcu/streamingwealth/onetribes.vbs"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"ilimed.ro"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432171/; classtype:trojan-activity;sid:84295271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432169)"; flow:established,from_client; content:"GET"; http_method; content:"/awcbbx/raw/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.pastery.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432169/; classtype:trojan-activity;sid:84295269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.10.48.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432167/; classtype:trojan-activity;sid:84295267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.179.127.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432168/; classtype:trojan-activity;sid:84295268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432166)"; flow:established,from_client; content:"GET"; http_method; content:"/nbtzge/raw/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.pastery.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432166/; classtype:trojan-activity;sid:84295266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.20.82"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432165/; classtype:trojan-activity;sid:84295265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.118.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432164/; classtype:trojan-activity;sid:84295264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.93.57.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432163/; classtype:trojan-activity;sid:84295263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.30.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432162/; classtype:trojan-activity;sid:84295262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.144.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432161/; classtype:trojan-activity;sid:84295261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.141.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432160/; classtype:trojan-activity;sid:84295260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.98.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432159/; classtype:trojan-activity;sid:84295259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.129.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432158/; classtype:trojan-activity;sid:84295258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.48.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432157/; classtype:trojan-activity;sid:84295257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.80.0.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432156/; classtype:trojan-activity;sid:84295256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.119.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432155/; classtype:trojan-activity;sid:84295255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.32.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432154/; classtype:trojan-activity;sid:84295254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.144.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432153/; classtype:trojan-activity;sid:84295253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.123.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432152/; classtype:trojan-activity;sid:84295252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.87.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432151/; classtype:trojan-activity;sid:84295251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.69.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432150/; classtype:trojan-activity;sid:84295250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.166.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432149/; classtype:trojan-activity;sid:84295249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.56.146.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432148/; classtype:trojan-activity;sid:84295248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.217.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432147/; classtype:trojan-activity;sid:84295247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.80.0.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432146/; classtype:trojan-activity;sid:84295246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.109.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432145/; classtype:trojan-activity;sid:84295245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.123.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432144/; classtype:trojan-activity;sid:84295244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.224.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432143/; classtype:trojan-activity;sid:84295243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.112.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432142/; classtype:trojan-activity;sid:84295242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.147.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432141/; classtype:trojan-activity;sid:84295241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.55.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432140/; classtype:trojan-activity;sid:84295240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.87.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432139/; classtype:trojan-activity;sid:84295239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432138)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.116.36.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432138/; classtype:trojan-activity;sid:84295238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432137)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.182.126.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432137/; classtype:trojan-activity;sid:84295237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432136)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.242.238.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432136/; classtype:trojan-activity;sid:84295236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432130)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.14.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432130/; classtype:trojan-activity;sid:84295230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432131)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.79.31.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432131/; classtype:trojan-activity;sid:84295231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432132)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"171.118.235.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432132/; classtype:trojan-activity;sid:84295232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432133)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.94.113.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432133/; classtype:trojan-activity;sid:84295233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432134)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.130.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432134/; classtype:trojan-activity;sid:84295234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432135)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.186.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432135/; classtype:trojan-activity;sid:84295235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432129)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"130.43.233.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432129/; classtype:trojan-activity;sid:84295229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432127)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.136.145.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432127/; classtype:trojan-activity;sid:84295227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432128)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.12.76.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432128/; classtype:trojan-activity;sid:84295228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.142.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432126/; classtype:trojan-activity;sid:84295226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.112.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432125/; classtype:trojan-activity;sid:84295225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.55.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432124/; classtype:trojan-activity;sid:84295224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.237.242.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432123/; classtype:trojan-activity;sid:84295223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.184.215.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432122/; classtype:trojan-activity;sid:84295222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.53.83.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432118/; classtype:trojan-activity;sid:84295218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.229.250.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432119/; classtype:trojan-activity;sid:84295219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.171.133.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432120/; classtype:trojan-activity;sid:84295220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.53.28.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432121/; classtype:trojan-activity;sid:84295221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.241.71.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432117/; classtype:trojan-activity;sid:84295217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.76.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432116/; classtype:trojan-activity;sid:84295216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.42.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432115/; classtype:trojan-activity;sid:84295215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.172.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432114/; classtype:trojan-activity;sid:84295214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.51.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432112/; classtype:trojan-activity;sid:84295212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432113)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.116.104.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432113/; classtype:trojan-activity;sid:84295213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.115.224.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432111/; classtype:trojan-activity;sid:84295211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.247.10.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432109/; classtype:trojan-activity;sid:84295209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.214.231.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432110/; classtype:trojan-activity;sid:84295210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.140.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432107/; classtype:trojan-activity;sid:84295207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.55.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432108/; classtype:trojan-activity;sid:84295208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.12.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432106/; classtype:trojan-activity;sid:84295206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.203.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432105/; classtype:trojan-activity;sid:84295205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.238.159.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432104/; classtype:trojan-activity;sid:84295204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.226.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432103/; classtype:trojan-activity;sid:84295203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432102)"; flow:established,from_client; content:"GET"; http_method; content:"/confirm2.com/networkscreensaverfactory7freesetup.msi"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"62.133.60.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432102/; classtype:trojan-activity;sid:84295202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432101)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.183.25.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432101/; classtype:trojan-activity;sid:84295201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432100)"; flow:established,from_client; content:"GET"; http_method; content:"/confirm2.com/captcha"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"62.133.60.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432100/; classtype:trojan-activity;sid:84295200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432099/; classtype:trojan-activity;sid:84295199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.142.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432098/; classtype:trojan-activity;sid:84295198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.24.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432097/; classtype:trojan-activity;sid:84295197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.226.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432096/; classtype:trojan-activity;sid:84295196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.159.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432095/; classtype:trojan-activity;sid:84295195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432094)"; flow:established,from_client; content:"GET"; http_method; content:"/forsale/silk.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.240.118.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432094/; classtype:trojan-activity;sid:84295194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432093)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.182.186.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432093/; classtype:trojan-activity;sid:84295193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432092/; classtype:trojan-activity;sid:84295192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.183.88.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432088/; classtype:trojan-activity;sid:84295188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432089)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.175.180.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432089/; classtype:trojan-activity;sid:84295189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432090)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.251.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432090/; classtype:trojan-activity;sid:84295190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.116.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432091/; classtype:trojan-activity;sid:84295191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432085/; classtype:trojan-activity;sid:84295185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.29.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432086/; classtype:trojan-activity;sid:84295186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432087/; classtype:trojan-activity;sid:84295187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432084)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.13.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432084/; classtype:trojan-activity;sid:84295184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.180.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432083/; classtype:trojan-activity;sid:84295183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.200.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432082/; classtype:trojan-activity;sid:84295182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.178.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432081/; classtype:trojan-activity;sid:84295181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.60.122.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432080/; classtype:trojan-activity;sid:84295180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432079)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.107.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432079/; classtype:trojan-activity;sid:84295179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.24.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432077/; classtype:trojan-activity;sid:84295177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.229.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432078/; classtype:trojan-activity;sid:84295178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.89.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432075/; classtype:trojan-activity;sid:84295175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.246.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432076/; classtype:trojan-activity;sid:84295176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.12.20"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432074/; classtype:trojan-activity;sid:84295174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432073)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.231.152.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432073/; classtype:trojan-activity;sid:84295173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432072)"; flow:established,from_client; content:"GET"; http_method; content:"/zang.xll"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"c1.unearnedexpressoutlying.shop"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432072/; classtype:trojan-activity;sid:84295172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432071)"; flow:established,from_client; content:"GET"; http_method; content:"/iklominiach.cda"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"zoomlu.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432071/; classtype:trojan-activity;sid:84295171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432064)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yxdvltlo46fgsobfhuj6sbsht8xlc2qdhl"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432064/; classtype:trojan-activity;sid:84295164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432065)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vnert7ptzuxsbgclyzzqat4q7wzma4mkfr"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432065/; classtype:trojan-activity;sid:84295165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432066)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/alz5fhinw8sayvstbtdgqpoxsyqka6y5sq"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432066/; classtype:trojan-activity;sid:84295166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432067)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nsuxqzq8fcvqt3hkttakeertkiqvxxpnmi"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432067/; classtype:trojan-activity;sid:84295167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432068)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/codmfq5got30ljddg37evxszjqhs0g9oyr"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432068/; classtype:trojan-activity;sid:84295168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432069)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/busb4gayg5h8v87oifr888jhclathhjekl"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432069/; classtype:trojan-activity;sid:84295169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432070)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sln2ukrlfowcvbug8yfynt8s2yovaqxowu"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432070/; classtype:trojan-activity;sid:84295170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432043)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/maev1bbtvhwmshosdr4hsbvlaejr0hdzxh"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432043/; classtype:trojan-activity;sid:84295143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432044)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/busb4gayg5h8v87oifr888jhclathhjekl"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432044/; classtype:trojan-activity;sid:84295144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432045)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c1dpgdbq7rxwnoxl7bfqbtiqszwishseap"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432045/; classtype:trojan-activity;sid:84295145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432046)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sln2ukrlfowcvbug8yfynt8s2yovaqxowu"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432046/; classtype:trojan-activity;sid:84295146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432047)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/oljti0god59xujmxdyryr6fmndpjmh4pgq"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432047/; classtype:trojan-activity;sid:84295147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432048)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rxn1mt544ba0qdzrl8ythymoj5yanj37wa"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432048/; classtype:trojan-activity;sid:84295148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432049)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yxdvltlo46fgsobfhuj6sbsht8xlc2qdhl"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432049/; classtype:trojan-activity;sid:84295149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432050)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/alz5fhinw8sayvstbtdgqpoxsyqka6y5sq"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432050/; classtype:trojan-activity;sid:84295150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432051)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/eflprblzfb3gvevlznxanf3trxxwsqsyli"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432051/; classtype:trojan-activity;sid:84295151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432052)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/wmcwloto8iev1a1ezs30vbjmt4iazdnxzd"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432052/; classtype:trojan-activity;sid:84295152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432053)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c1dpgdbq7rxwnoxl7bfqbtiqszwishseap"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432053/; classtype:trojan-activity;sid:84295153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432054)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vnert7ptzuxsbgclyzzqat4q7wzma4mkfr"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432054/; classtype:trojan-activity;sid:84295154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432055)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dckz4qdqpn4urrq7myklu6uj3pxs6obonz"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432055/; classtype:trojan-activity;sid:84295155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432056)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/eflprblzfb3gvevlznxanf3trxxwsqsyli"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432056/; classtype:trojan-activity;sid:84295156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432057)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nsuxqzq8fcvqt3hkttakeertkiqvxxpnmi"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432057/; classtype:trojan-activity;sid:84295157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432058)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dckz4qdqpn4urrq7myklu6uj3pxs6obonz"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432058/; classtype:trojan-activity;sid:84295158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432059)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/wmcwloto8iev1a1ezs30vbjmt4iazdnxzd"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432059/; classtype:trojan-activity;sid:84295159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432060)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/oljti0god59xujmxdyryr6fmndpjmh4pgq"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432060/; classtype:trojan-activity;sid:84295160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432061)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/codmfq5got30ljddg37evxszjqhs0g9oyr"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432061/; classtype:trojan-activity;sid:84295161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432062)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rxn1mt544ba0qdzrl8ythymoj5yanj37wa"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432062/; classtype:trojan-activity;sid:84295162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432063)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/maev1bbtvhwmshosdr4hsbvlaejr0hdzxh"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432063/; classtype:trojan-activity;sid:84295163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.157.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432042/; classtype:trojan-activity;sid:84295142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.12.20"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432041/; classtype:trojan-activity;sid:84295141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.229.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432040/; classtype:trojan-activity;sid:84295140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.251.2.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432038/; classtype:trojan-activity;sid:84295138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.255.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432039/; classtype:trojan-activity;sid:84295139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.28.173"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432037/; classtype:trojan-activity;sid:84295137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.89.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432036/; classtype:trojan-activity;sid:84295136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.79.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432035/; classtype:trojan-activity;sid:84295135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.194.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432034/; classtype:trojan-activity;sid:84295134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.236.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432033/; classtype:trojan-activity;sid:84295133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.101.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432032/; classtype:trojan-activity;sid:84295132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.75.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432031/; classtype:trojan-activity;sid:84295131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.182.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432030/; classtype:trojan-activity;sid:84295130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.209.162.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432029/; classtype:trojan-activity;sid:84295129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.61.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432028/; classtype:trojan-activity;sid:84295128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.143.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432027/; classtype:trojan-activity;sid:84295127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.79.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432026/; classtype:trojan-activity;sid:84295126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.212.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432025/; classtype:trojan-activity;sid:84295125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.71.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432024/; classtype:trojan-activity;sid:84295124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.64.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432023/; classtype:trojan-activity;sid:84295123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432022)"; flow:established,from_client; content:"GET"; http_method; content:"/tcdzsq9udmwcxhbv.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"userauthme02.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432022/; classtype:trojan-activity;sid:84295122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432021)"; flow:established,from_client; content:"GET"; http_method; content:"/yzgycghosm4essrz.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"userauthme02.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432021/; classtype:trojan-activity;sid:84295121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.75.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432020/; classtype:trojan-activity;sid:84295120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.209.162.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432019/; classtype:trojan-activity;sid:84295119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.143.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432018/; classtype:trojan-activity;sid:84295118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.191.238.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432017/; classtype:trojan-activity;sid:84295117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.61.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432016/; classtype:trojan-activity;sid:84295116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.212.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432015/; classtype:trojan-activity;sid:84295115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.204.196.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432014/; classtype:trojan-activity;sid:84295114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.107.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432013/; classtype:trojan-activity;sid:84295113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.204.196.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432012/; classtype:trojan-activity;sid:84295112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.170.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432011/; classtype:trojan-activity;sid:84295111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.235.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432009/; classtype:trojan-activity;sid:84295109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.64.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432010/; classtype:trojan-activity;sid:84295110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.76.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432007/; classtype:trojan-activity;sid:84295107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.91.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432008/; classtype:trojan-activity;sid:84295108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.127.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432006/; classtype:trojan-activity;sid:84295106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.225.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432005/; classtype:trojan-activity;sid:84295105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432004/; classtype:trojan-activity;sid:84295104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.16.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432003/; classtype:trojan-activity;sid:84295103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.195.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432002/; classtype:trojan-activity;sid:84295102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.132.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432001/; classtype:trojan-activity;sid:84295101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.107.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432000/; classtype:trojan-activity;sid:84295100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.82.183.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431999/; classtype:trojan-activity;sid:84295099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431998)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431998/; classtype:trojan-activity;sid:84295098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.91.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431997/; classtype:trojan-activity;sid:84295097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.192.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431996/; classtype:trojan-activity;sid:84295096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.75.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431995/; classtype:trojan-activity;sid:84295095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.150.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431994/; classtype:trojan-activity;sid:84295094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431993/; classtype:trojan-activity;sid:84295093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.174.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431992/; classtype:trojan-activity;sid:84295092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.63.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431991/; classtype:trojan-activity;sid:84295091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.42.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431989/; classtype:trojan-activity;sid:84295089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.28.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431990/; classtype:trojan-activity;sid:84295090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.76.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431988/; classtype:trojan-activity;sid:84295088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.80.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431987/; classtype:trojan-activity;sid:84295087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.244.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431986/; classtype:trojan-activity;sid:84295086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.25.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431985/; classtype:trojan-activity;sid:84295085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431984/; classtype:trojan-activity;sid:84295084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.17.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431983/; classtype:trojan-activity;sid:84295083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.174.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431982/; classtype:trojan-activity;sid:84295082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.29.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431980/; classtype:trojan-activity;sid:84295080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.1.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431981/; classtype:trojan-activity;sid:84295081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.180.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431979/; classtype:trojan-activity;sid:84295079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.113.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431978/; classtype:trojan-activity;sid:84295078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.190.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431977/; classtype:trojan-activity;sid:84295077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.112.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431976/; classtype:trojan-activity;sid:84295076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.7.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431975/; classtype:trojan-activity;sid:84295075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.69.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431973/; classtype:trojan-activity;sid:84295073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.51.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431974/; classtype:trojan-activity;sid:84295074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431972)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.232.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431972/; classtype:trojan-activity;sid:84295072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.114.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431970/; classtype:trojan-activity;sid:84295070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.42.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431971/; classtype:trojan-activity;sid:84295071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.49.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431969/; classtype:trojan-activity;sid:84295069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.236.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431967/; classtype:trojan-activity;sid:84295067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.211.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431968/; classtype:trojan-activity;sid:84295068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.135.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431966/; classtype:trojan-activity;sid:84295066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.189.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431965/; classtype:trojan-activity;sid:84295065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431964)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.8.7.179"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431964/; classtype:trojan-activity;sid:84295064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.112.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431963/; classtype:trojan-activity;sid:84295063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.63.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431962/; classtype:trojan-activity;sid:84295062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.135.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431961/; classtype:trojan-activity;sid:84295061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.55.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431960/; classtype:trojan-activity;sid:84295060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.68.142.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431959/; classtype:trojan-activity;sid:84295059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.254.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431958/; classtype:trojan-activity;sid:84295058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.161.44.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431957/; classtype:trojan-activity;sid:84295057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.163.229.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431956/; classtype:trojan-activity;sid:84295056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.189.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431955/; classtype:trojan-activity;sid:84295055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.83.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431953/; classtype:trojan-activity;sid:84295053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431954/; classtype:trojan-activity;sid:84295054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.93.47.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431950/; classtype:trojan-activity;sid:84295050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431951)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.81.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431951/; classtype:trojan-activity;sid:84295051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.65.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431952/; classtype:trojan-activity;sid:84295052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431947)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.83.218.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431947/; classtype:trojan-activity;sid:84295047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.65.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431948/; classtype:trojan-activity;sid:84295048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431949)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.83.218.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431949/; classtype:trojan-activity;sid:84295049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.189.247.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431946/; classtype:trojan-activity;sid:84295046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.236.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431944/; classtype:trojan-activity;sid:84295044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431945/; classtype:trojan-activity;sid:84295045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431943/; classtype:trojan-activity;sid:84295043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.164.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431941/; classtype:trojan-activity;sid:84295041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.234.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431942/; classtype:trojan-activity;sid:84295042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.161.44.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431940/; classtype:trojan-activity;sid:84295040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.230.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431939/; classtype:trojan-activity;sid:84295039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.61.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431938/; classtype:trojan-activity;sid:84295038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.70.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431937/; classtype:trojan-activity;sid:84295037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.56.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431936/; classtype:trojan-activity;sid:84295036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.190.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431935/; classtype:trojan-activity;sid:84295035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.233.58.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431934/; classtype:trojan-activity;sid:84295034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.189.247.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431933/; classtype:trojan-activity;sid:84295033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.240.200.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431932/; classtype:trojan-activity;sid:84295032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.70.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431931/; classtype:trojan-activity;sid:84295031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.159.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431930/; classtype:trojan-activity;sid:84295030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431929/; classtype:trojan-activity;sid:84295029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.151.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431928/; classtype:trojan-activity;sid:84295028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.253.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431927/; classtype:trojan-activity;sid:84295027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.61.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431926/; classtype:trojan-activity;sid:84295026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.240.200.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431925/; classtype:trojan-activity;sid:84295025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.52.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431924/; classtype:trojan-activity;sid:84295024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.68.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431923/; classtype:trojan-activity;sid:84295023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.240.11.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431922/; classtype:trojan-activity;sid:84295022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.233.58.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431920/; classtype:trojan-activity;sid:84295020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.182.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431921/; classtype:trojan-activity;sid:84295021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.18.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431919/; classtype:trojan-activity;sid:84295019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.179.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431918/; classtype:trojan-activity;sid:84295018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.190.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431917/; classtype:trojan-activity;sid:84295017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.11.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431916/; classtype:trojan-activity;sid:84295016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431914)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.180.141.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431914/; classtype:trojan-activity;sid:84295014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431915)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431915/; classtype:trojan-activity;sid:84295015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.253.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431913/; classtype:trojan-activity;sid:84295013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.42.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431912/; classtype:trojan-activity;sid:84295012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.244.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431911/; classtype:trojan-activity;sid:84295011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.27.81.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431910/; classtype:trojan-activity;sid:84295010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.104.234.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431909/; classtype:trojan-activity;sid:84295009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.170.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431908/; classtype:trojan-activity;sid:84295008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.133.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431907/; classtype:trojan-activity;sid:84295007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.90.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431906/; classtype:trojan-activity;sid:84295006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.26.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431905/; classtype:trojan-activity;sid:84295005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.101.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431903/; classtype:trojan-activity;sid:84295003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.49.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431904/; classtype:trojan-activity;sid:84295004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.11.132.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431902/; classtype:trojan-activity;sid:84295002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.253.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431901/; classtype:trojan-activity;sid:84295001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.138.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431900/; classtype:trojan-activity;sid:84295000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.202.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431899/; classtype:trojan-activity;sid:84294999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.74.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431898/; classtype:trojan-activity;sid:84294998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.46.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431897/; classtype:trojan-activity;sid:84294997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.123.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431896/; classtype:trojan-activity;sid:84294996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.32.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431895/; classtype:trojan-activity;sid:84294995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.81.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431894/; classtype:trojan-activity;sid:84294994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431893/; classtype:trojan-activity;sid:84294993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.83.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431892/; classtype:trojan-activity;sid:84294992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.138.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431891/; classtype:trojan-activity;sid:84294991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.170.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431890/; classtype:trojan-activity;sid:84294990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.26.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431889/; classtype:trojan-activity;sid:84294989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.74.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431888/; classtype:trojan-activity;sid:84294988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.32.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431887/; classtype:trojan-activity;sid:84294987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.11.132.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431886/; classtype:trojan-activity;sid:84294986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431885/; classtype:trojan-activity;sid:84294985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.226.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431884/; classtype:trojan-activity;sid:84294984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.235.200.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431883/; classtype:trojan-activity;sid:84294983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.32.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431882/; classtype:trojan-activity;sid:84294982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.128.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431880/; classtype:trojan-activity;sid:84294980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.0.216.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431881/; classtype:trojan-activity;sid:84294981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.75.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431878/; classtype:trojan-activity;sid:84294978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.115.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431879/; classtype:trojan-activity;sid:84294979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.113.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431877/; classtype:trojan-activity;sid:84294977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.155.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431876/; classtype:trojan-activity;sid:84294976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431875)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.240.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431875/; classtype:trojan-activity;sid:84294975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431874)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.126.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431874/; classtype:trojan-activity;sid:84294974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431873)"; flow:established,from_client; content:"GET"; http_method; content:"/6bztxqjr1cwrzpjk.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"userauthme02.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431873/; classtype:trojan-activity;sid:84294973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.32.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431872/; classtype:trojan-activity;sid:84294972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.101.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431871/; classtype:trojan-activity;sid:84294971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.200.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431870/; classtype:trojan-activity;sid:84294970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.94.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431869/; classtype:trojan-activity;sid:84294969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.160.18.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431868/; classtype:trojan-activity;sid:84294968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431867)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431867/; classtype:trojan-activity;sid:84294967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.21.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431866/; classtype:trojan-activity;sid:84294966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.128.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431865/; classtype:trojan-activity;sid:84294965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.236.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431864/; classtype:trojan-activity;sid:84294964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.81.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431863/; classtype:trojan-activity;sid:84294963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.236.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431862/; classtype:trojan-activity;sid:84294962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.19.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431861/; classtype:trojan-activity;sid:84294961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431860)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.151.113.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431860/; classtype:trojan-activity;sid:84294960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431858)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.68.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431858/; classtype:trojan-activity;sid:84294958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.29.28.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431859/; classtype:trojan-activity;sid:84294959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.18.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431857/; classtype:trojan-activity;sid:84294957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.128.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431856/; classtype:trojan-activity;sid:84294956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431855)"; flow:established,from_client; content:"GET"; http_method; content:"/1.zip"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"infernoenjoyer.cfd"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431855/; classtype:trojan-activity;sid:84294955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431854)"; flow:established,from_client; content:"GET"; http_method; content:"/js/1.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"alphabit.vc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431854/; classtype:trojan-activity;sid:84294954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.120.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431853/; classtype:trojan-activity;sid:84294953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.25.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431852/; classtype:trojan-activity;sid:84294952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431851)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/mr_bean/all_bean"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431851/; classtype:trojan-activity;sid:84294951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431850)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/mr_bean/pure_bean"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431850/; classtype:trojan-activity;sid:84294950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.91.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431849/; classtype:trojan-activity;sid:84294949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.36.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431848/; classtype:trojan-activity;sid:84294948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.195.7.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431847/; classtype:trojan-activity;sid:84294947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.7.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431846/; classtype:trojan-activity;sid:84294946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.137.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431845/; classtype:trojan-activity;sid:84294945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.19.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431844/; classtype:trojan-activity;sid:84294944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.46.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431843/; classtype:trojan-activity;sid:84294943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.144.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431842/; classtype:trojan-activity;sid:84294942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.85.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431841/; classtype:trojan-activity;sid:84294941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.113.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431840/; classtype:trojan-activity;sid:84294940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.33.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431839/; classtype:trojan-activity;sid:84294939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431838)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.177.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431838/; classtype:trojan-activity;sid:84294938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431837/; classtype:trojan-activity;sid:84294937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431835)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.73.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431835/; classtype:trojan-activity;sid:84294935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431836)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.43.170.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431836/; classtype:trojan-activity;sid:84294936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.120.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431834/; classtype:trojan-activity;sid:84294934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.172.80.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431833/; classtype:trojan-activity;sid:84294933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.144.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431832/; classtype:trojan-activity;sid:84294932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.36.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431829/; classtype:trojan-activity;sid:84294929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.195.7.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431830/; classtype:trojan-activity;sid:84294930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.180.56.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431831/; classtype:trojan-activity;sid:84294931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.132.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431828/; classtype:trojan-activity;sid:84294928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.7.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431827/; classtype:trojan-activity;sid:84294927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.71.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431826/; classtype:trojan-activity;sid:84294926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.199.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431825/; classtype:trojan-activity;sid:84294925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.85.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431824/; classtype:trojan-activity;sid:84294924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431823)"; flow:established,from_client; content:"GET"; http_method; content:"/scar_int.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"u3.fondnesssprayamiable.shop"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431823/; classtype:trojan-activity;sid:84294923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.144.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431822/; classtype:trojan-activity;sid:84294922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.33.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431821/; classtype:trojan-activity;sid:84294921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431817)"; flow:established,from_client; content:"GET"; http_method; content:"/pft6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"groundgamehealth.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431817/; classtype:trojan-activity;sid:84294917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431818)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"gyo-lighting.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431818/; classtype:trojan-activity;sid:84294918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431819)"; flow:established,from_client; content:"GET"; http_method; content:"/td5p"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xcvoqweol.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431819/; classtype:trojan-activity;sid:84294919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431820)"; flow:established,from_client; content:"GET"; http_method; content:"/m19syc8iynsoitws.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"userauthme02.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431820/; classtype:trojan-activity;sid:84294920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431815)"; flow:established,from_client; content:"GET"; http_method; content:"/rlirvrngba6b6yoe.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"userauthme02.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431815/; classtype:trojan-activity;sid:84294915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431816)"; flow:established,from_client; content:"GET"; http_method; content:"/com8k70uxaw9smnd.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"userauthme02.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431816/; classtype:trojan-activity;sid:84294916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431813)"; flow:established,from_client; content:"GET"; http_method; content:"/sign-in|3f|op_token=zxj81egvvyxv0ackyaqounlo3mm9it2qznk5un3prm3bpcmgscwf1dghvcml6zroaahr0chm6ly9hzg1pbi5ib29raw5nlmnvbs8qonsiyxv0af9hdhrlbxb0x2lkijoiyjezzgnlmjqtmgm5os00yjjllthiogutnji0njlln2y1zgq5in0yk1lhoetpzgcwyxpls1n1og5vz25uq3psci1mykt5txfxavnwannsmjv4wnm6bfmyntzcbgnvzguqezcsipujlk4nogbcafjd1nxosdi"; http_uri; depth:305; isdataat:!1,relative; nocase; content:"booking.rewiewsgustforhouse.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431813/; classtype:trojan-activity;sid:84294913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431814)"; flow:established,from_client; content:"GET"; http_method; content:"/sign-in|3f|op_token=zxj81egvvyxv0ackyaqounlo3mm9it2qznk5un3prm3bpcmgscwf1dghvcml6zroaahr0chm6ly9hzg1pbi5ib29raw5nlmnvbs8qonsiyxv0af9hdhrlbxb0x2lkijoiyjezzgnlmjqtmgm5os00yjjllthiogutnji0njlln2y1zgq5in0yk1lhoetpzgcwyxpls1n1og5vz25uq3psci1mykt5txfxavnwannsmjv4wnm6bfmyntzcbgnvzguqezcsipujlk4nogbcafjd1nxosdi"; http_uri; depth:305; isdataat:!1,relative; nocase; content:"booking.extrannet-globalled.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431814/; classtype:trojan-activity;sid:84294914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.33.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431812/; classtype:trojan-activity;sid:84294912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.172.80.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431811/; classtype:trojan-activity;sid:84294911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.79.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431810/; classtype:trojan-activity;sid:84294910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431809/; classtype:trojan-activity;sid:84294909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.56.123.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431808/; classtype:trojan-activity;sid:84294908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.141.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431807/; classtype:trojan-activity;sid:84294907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.234.159.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431806/; classtype:trojan-activity;sid:84294906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.97.113.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431805/; classtype:trojan-activity;sid:84294905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.185.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431804/; classtype:trojan-activity;sid:84294904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431803/; classtype:trojan-activity;sid:84294903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.199.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431802/; classtype:trojan-activity;sid:84294902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.12.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431801/; classtype:trojan-activity;sid:84294901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.79.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431800/; classtype:trojan-activity;sid:84294900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.199.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431798/; classtype:trojan-activity;sid:84294898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.144.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431799/; classtype:trojan-activity;sid:84294899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431797/; classtype:trojan-activity;sid:84294897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.187.251.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431796/; classtype:trojan-activity;sid:84294896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.59.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431795/; classtype:trojan-activity;sid:84294895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.104.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431794/; classtype:trojan-activity;sid:84294894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.148.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431793/; classtype:trojan-activity;sid:84294893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.144.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431792/; classtype:trojan-activity;sid:84294892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.253.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431791/; classtype:trojan-activity;sid:84294891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.235.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431789/; classtype:trojan-activity;sid:84294889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.12.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431790/; classtype:trojan-activity;sid:84294890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.199.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431788/; classtype:trojan-activity;sid:84294888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.178.43.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431787/; classtype:trojan-activity;sid:84294887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431786)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.178.11.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431786/; classtype:trojan-activity;sid:84294886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.24.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431785/; classtype:trojan-activity;sid:84294885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431783)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431783/; classtype:trojan-activity;sid:84294883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431784)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.179.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431784/; classtype:trojan-activity;sid:84294884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.247.7.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431782/; classtype:trojan-activity;sid:84294882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431781)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.183.147.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431781/; classtype:trojan-activity;sid:84294881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.179.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431780/; classtype:trojan-activity;sid:84294880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431778)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.140.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431778/; classtype:trojan-activity;sid:84294878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.7.190"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431779/; classtype:trojan-activity;sid:84294879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431777)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431777/; classtype:trojan-activity;sid:84294877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431776)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.119.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431776/; classtype:trojan-activity;sid:84294876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.20.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431774/; classtype:trojan-activity;sid:84294874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.253.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431775/; classtype:trojan-activity;sid:84294875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.75.46.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431773/; classtype:trojan-activity;sid:84294873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.95.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431772/; classtype:trojan-activity;sid:84294872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.91.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431771/; classtype:trojan-activity;sid:84294871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.169.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431770/; classtype:trojan-activity;sid:84294870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.119.182.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431769/; classtype:trojan-activity;sid:84294869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.145.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431768/; classtype:trojan-activity;sid:84294868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.132.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431767/; classtype:trojan-activity;sid:84294867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.254.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431766/; classtype:trojan-activity;sid:84294866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.140.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431765/; classtype:trojan-activity;sid:84294865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.209.60.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431763/; classtype:trojan-activity;sid:84294863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.209.60.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431764/; classtype:trojan-activity;sid:84294864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.11.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431762/; classtype:trojan-activity;sid:84294862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.160.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431761/; classtype:trojan-activity;sid:84294861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.166.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431760/; classtype:trojan-activity;sid:84294860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431759/; classtype:trojan-activity;sid:84294859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.24.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431758/; classtype:trojan-activity;sid:84294858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.127.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431757/; classtype:trojan-activity;sid:84294857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.198.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431756/; classtype:trojan-activity;sid:84294856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.158.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431755/; classtype:trojan-activity;sid:84294855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.141.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431754/; classtype:trojan-activity;sid:84294854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.169.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431753/; classtype:trojan-activity;sid:84294853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.242.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431751/; classtype:trojan-activity;sid:84294851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.245.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431752/; classtype:trojan-activity;sid:84294852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.228.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431750/; classtype:trojan-activity;sid:84294850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.38.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431749/; classtype:trojan-activity;sid:84294849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431748/; classtype:trojan-activity;sid:84294848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.254.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431747/; classtype:trojan-activity;sid:84294847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.62.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431746/; classtype:trojan-activity;sid:84294846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.115.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431745/; classtype:trojan-activity;sid:84294845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.196.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431744/; classtype:trojan-activity;sid:84294844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.99.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431743/; classtype:trojan-activity;sid:84294843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.103.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431742/; classtype:trojan-activity;sid:84294842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.231.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431741/; classtype:trojan-activity;sid:84294841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.141.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431740/; classtype:trojan-activity;sid:84294840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.198.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431739/; classtype:trojan-activity;sid:84294839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.130.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431738/; classtype:trojan-activity;sid:84294838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.6.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431737/; classtype:trojan-activity;sid:84294837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.47.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431736/; classtype:trojan-activity;sid:84294836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.127.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431735/; classtype:trojan-activity;sid:84294835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.162.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431734/; classtype:trojan-activity;sid:84294834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431733/; classtype:trojan-activity;sid:84294833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.156.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431732/; classtype:trojan-activity;sid:84294832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.21.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431731/; classtype:trojan-activity;sid:84294831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.242.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431730/; classtype:trojan-activity;sid:84294830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.46.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431729/; classtype:trojan-activity;sid:84294829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.160.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431728/; classtype:trojan-activity;sid:84294828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.105.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431726/; classtype:trojan-activity;sid:84294826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431727/; classtype:trojan-activity;sid:84294827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431725/; classtype:trojan-activity;sid:84294825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.79.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431724/; classtype:trojan-activity;sid:84294824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.105.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431723/; classtype:trojan-activity;sid:84294823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.178.43.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431722/; classtype:trojan-activity;sid:84294822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.238.189.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431721/; classtype:trojan-activity;sid:84294821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.231.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431720/; classtype:trojan-activity;sid:84294820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.35.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431719/; classtype:trojan-activity;sid:84294819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.156.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431718/; classtype:trojan-activity;sid:84294818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.11.74.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431717/; classtype:trojan-activity;sid:84294817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.60.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431716/; classtype:trojan-activity;sid:84294816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.105.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431715/; classtype:trojan-activity;sid:84294815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.161.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431714/; classtype:trojan-activity;sid:84294814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.6.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431713/; classtype:trojan-activity;sid:84294813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.21.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431712/; classtype:trojan-activity;sid:84294812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.169.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431710/; classtype:trojan-activity;sid:84294810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.50.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431711/; classtype:trojan-activity;sid:84294811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.123.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431709/; classtype:trojan-activity;sid:84294809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.234.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431708/; classtype:trojan-activity;sid:84294808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.97.113.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431707/; classtype:trojan-activity;sid:84294807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.99.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431706/; classtype:trojan-activity;sid:84294806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.68.142.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431705/; classtype:trojan-activity;sid:84294805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431703)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.72.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431703/; classtype:trojan-activity;sid:84294803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.132.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431704/; classtype:trojan-activity;sid:84294804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.79.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431702/; classtype:trojan-activity;sid:84294802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.157.253.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431701/; classtype:trojan-activity;sid:84294801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.103.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431700/; classtype:trojan-activity;sid:84294800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.169.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431699/; classtype:trojan-activity;sid:84294799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431698/; classtype:trojan-activity;sid:84294798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.109.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431697/; classtype:trojan-activity;sid:84294797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.162.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431696/; classtype:trojan-activity;sid:84294796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431695/; classtype:trojan-activity;sid:84294795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.88.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431693/; classtype:trojan-activity;sid:84294793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.23.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431694/; classtype:trojan-activity;sid:84294794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431692)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.129.239.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431692/; classtype:trojan-activity;sid:84294792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.157.253.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431691/; classtype:trojan-activity;sid:84294791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431690)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.129.239.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431690/; classtype:trojan-activity;sid:84294790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431689)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.129.239.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431689/; classtype:trojan-activity;sid:84294789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431688)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.129.239.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431688/; classtype:trojan-activity;sid:84294788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431687)"; flow:established,from_client; content:"GET"; http_method; content:"/bljysvhw/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431687/; classtype:trojan-activity;sid:84294787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431686)"; flow:established,from_client; content:"GET"; http_method; content:"/bljysvhw/img001.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431686/; classtype:trojan-activity;sid:84294786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431685)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.233.47.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431685/; classtype:trojan-activity;sid:84294785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431683)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.236.125.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431683/; classtype:trojan-activity;sid:84294783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431684)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.233.47.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431684/; classtype:trojan-activity;sid:84294784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431682)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"221.233.47.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431682/; classtype:trojan-activity;sid:84294782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431681)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"221.233.47.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431681/; classtype:trojan-activity;sid:84294781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431680)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"221.233.47.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431680/; classtype:trojan-activity;sid:84294780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431679)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"221.233.47.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431679/; classtype:trojan-activity;sid:84294779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431678)"; flow:established,from_client; content:"GET"; http_method; content:"/newbie/0.0.9/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"211.55.72.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431678/; classtype:trojan-activity;sid:84294778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431668)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"221.233.47.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431668/; classtype:trojan-activity;sid:84294768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431669)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.129.239.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431669/; classtype:trojan-activity;sid:84294769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431670)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.129.239.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431670/; classtype:trojan-activity;sid:84294770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431671)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.233.47.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431671/; classtype:trojan-activity;sid:84294771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431672)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"221.236.125.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431672/; classtype:trojan-activity;sid:84294772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431673)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.233.47.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431673/; classtype:trojan-activity;sid:84294773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431674)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"221.233.47.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431674/; classtype:trojan-activity;sid:84294774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431675)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.236.125.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431675/; classtype:trojan-activity;sid:84294775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431676)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"221.233.47.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431676/; classtype:trojan-activity;sid:84294776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431677)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"221.233.47.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431677/; classtype:trojan-activity;sid:84294777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.141.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431667/; classtype:trojan-activity;sid:84294767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.91.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431666/; classtype:trojan-activity;sid:84294766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.103.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431665/; classtype:trojan-activity;sid:84294765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.140.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431664/; classtype:trojan-activity;sid:84294764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.38.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431663/; classtype:trojan-activity;sid:84294763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.73.219.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431662/; classtype:trojan-activity;sid:84294762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.51.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431660/; classtype:trojan-activity;sid:84294760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.206.59.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431661/; classtype:trojan-activity;sid:84294761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.20.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431659/; classtype:trojan-activity;sid:84294759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.114.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431657/; classtype:trojan-activity;sid:84294757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431658/; classtype:trojan-activity;sid:84294758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.214.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431655/; classtype:trojan-activity;sid:84294755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.94.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431656/; classtype:trojan-activity;sid:84294756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.9.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431654/; classtype:trojan-activity;sid:84294754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.142.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431651/; classtype:trojan-activity;sid:84294751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.123.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431652/; classtype:trojan-activity;sid:84294752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.93.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431653/; classtype:trojan-activity;sid:84294753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431650/; classtype:trojan-activity;sid:84294750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.140.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431648/; classtype:trojan-activity;sid:84294748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.214.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431649/; classtype:trojan-activity;sid:84294749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.51.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431647/; classtype:trojan-activity;sid:84294747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.91.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431646/; classtype:trojan-activity;sid:84294746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.89.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431645/; classtype:trojan-activity;sid:84294745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.163.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431644/; classtype:trojan-activity;sid:84294744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.75.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431643/; classtype:trojan-activity;sid:84294743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.134.132.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431642/; classtype:trojan-activity;sid:84294742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.154.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431641/; classtype:trojan-activity;sid:84294741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.123.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431640/; classtype:trojan-activity;sid:84294740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.3.171"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431638/; classtype:trojan-activity;sid:84294738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.140.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431639/; classtype:trojan-activity;sid:84294739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.206.59.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431637/; classtype:trojan-activity;sid:84294737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.99.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431636/; classtype:trojan-activity;sid:84294736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.102.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431635/; classtype:trojan-activity;sid:84294735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.93.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431634/; classtype:trojan-activity;sid:84294734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.73.219.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431633/; classtype:trojan-activity;sid:84294733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.114.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431632/; classtype:trojan-activity;sid:84294732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.90.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431631/; classtype:trojan-activity;sid:84294731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.226.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431630/; classtype:trojan-activity;sid:84294730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.29.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431629/; classtype:trojan-activity;sid:84294729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.20.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431628/; classtype:trojan-activity;sid:84294728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.80.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431627/; classtype:trojan-activity;sid:84294727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431626/; classtype:trojan-activity;sid:84294726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431625/; classtype:trojan-activity;sid:84294725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.160.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431624/; classtype:trojan-activity;sid:84294724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.55.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431623/; classtype:trojan-activity;sid:84294723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.175.180.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431621/; classtype:trojan-activity;sid:84294721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.54.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431622/; classtype:trojan-activity;sid:84294722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.119.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431620/; classtype:trojan-activity;sid:84294720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431619)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431619/; classtype:trojan-activity;sid:84294719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.75.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431618/; classtype:trojan-activity;sid:84294718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.163.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431616/; classtype:trojan-activity;sid:84294716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.154.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431617/; classtype:trojan-activity;sid:84294717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.242.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431615/; classtype:trojan-activity;sid:84294715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431614/; classtype:trojan-activity;sid:84294714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.62.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431613/; classtype:trojan-activity;sid:84294713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.81.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431612/; classtype:trojan-activity;sid:84294712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.94.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431611/; classtype:trojan-activity;sid:84294711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.88.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431610/; classtype:trojan-activity;sid:84294710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.249.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431609/; classtype:trojan-activity;sid:84294709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.80.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431608/; classtype:trojan-activity;sid:84294708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.4.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431607/; classtype:trojan-activity;sid:84294707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.7.190"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431606/; classtype:trojan-activity;sid:84294706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.226.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431605/; classtype:trojan-activity;sid:84294705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.133.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431603/; classtype:trojan-activity;sid:84294703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.110.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431604/; classtype:trojan-activity;sid:84294704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.89.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431602/; classtype:trojan-activity;sid:84294702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431601/; classtype:trojan-activity;sid:84294701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.65.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431599/; classtype:trojan-activity;sid:84294699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431600/; classtype:trojan-activity;sid:84294700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.216.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431598/; classtype:trojan-activity;sid:84294698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.227.7.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431596/; classtype:trojan-activity;sid:84294696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.135.249.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431597/; classtype:trojan-activity;sid:84294697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.29.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431594/; classtype:trojan-activity;sid:84294694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.253.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431595/; classtype:trojan-activity;sid:84294695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.77.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431593/; classtype:trojan-activity;sid:84294693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.62.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431592/; classtype:trojan-activity;sid:84294692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.133.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431591/; classtype:trojan-activity;sid:84294691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.19.25.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431590/; classtype:trojan-activity;sid:84294690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.81.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431589/; classtype:trojan-activity;sid:84294689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.4.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431588/; classtype:trojan-activity;sid:84294688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.113.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431587/; classtype:trojan-activity;sid:84294687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.7.217"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431586/; classtype:trojan-activity;sid:84294686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.110.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431585/; classtype:trojan-activity;sid:84294685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.29.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431584/; classtype:trojan-activity;sid:84294684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.1.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431583/; classtype:trojan-activity;sid:84294683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.28.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431582/; classtype:trojan-activity;sid:84294682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431581)"; flow:established,from_client; content:"GET"; http_method; content:"/5"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"bears.pet"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431581/; classtype:trojan-activity;sid:84294681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431577)"; flow:established,from_client; content:"GET"; http_method; content:"/7"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"bears.pet"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431577/; classtype:trojan-activity;sid:84294677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431578)"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"bears.pet"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431578/; classtype:trojan-activity;sid:84294678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431579)"; flow:established,from_client; content:"GET"; http_method; content:"/2.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bears.pet"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431579/; classtype:trojan-activity;sid:84294679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431580)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"bears.pet"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431580/; classtype:trojan-activity;sid:84294680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.244.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431576/; classtype:trojan-activity;sid:84294676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.118.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431575/; classtype:trojan-activity;sid:84294675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.9.237"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431573/; classtype:trojan-activity;sid:84294673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.77.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431574/; classtype:trojan-activity;sid:84294674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.176.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431572/; classtype:trojan-activity;sid:84294672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.253.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431571/; classtype:trojan-activity;sid:84294671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431570/; classtype:trojan-activity;sid:84294670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.194.55.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431569/; classtype:trojan-activity;sid:84294669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431568/; classtype:trojan-activity;sid:84294668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.153.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431567/; classtype:trojan-activity;sid:84294667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431566)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.93.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431566/; classtype:trojan-activity;sid:84294666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.144.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431565/; classtype:trojan-activity;sid:84294665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.226.176.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431562/; classtype:trojan-activity;sid:84294662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.63.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431563/; classtype:trojan-activity;sid:84294663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.167.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431564/; classtype:trojan-activity;sid:84294664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.20.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431561/; classtype:trojan-activity;sid:84294661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.56.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431560/; classtype:trojan-activity;sid:84294660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.65.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431559/; classtype:trojan-activity;sid:84294659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.83.173.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431558/; classtype:trojan-activity;sid:84294658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.115.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431557/; classtype:trojan-activity;sid:84294657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.216.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431556/; classtype:trojan-activity;sid:84294656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.123.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431555/; classtype:trojan-activity;sid:84294655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.53.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431552/; classtype:trojan-activity;sid:84294652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.3.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431553/; classtype:trojan-activity;sid:84294653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.175.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431554/; classtype:trojan-activity;sid:84294654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.172.151.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431551/; classtype:trojan-activity;sid:84294651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.159.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431549/; classtype:trojan-activity;sid:84294649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.238.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431550/; classtype:trojan-activity;sid:84294650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.147.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431548/; classtype:trojan-activity;sid:84294648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.194.55.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431547/; classtype:trojan-activity;sid:84294647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431545)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.196.118.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431545/; classtype:trojan-activity;sid:84294645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.190.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431546/; classtype:trojan-activity;sid:84294646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.167.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431544/; classtype:trojan-activity;sid:84294644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.168.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431543/; classtype:trojan-activity;sid:84294643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431542/; classtype:trojan-activity;sid:84294642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.226.176.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431541/; classtype:trojan-activity;sid:84294641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.229.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431540/; classtype:trojan-activity;sid:84294640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.160.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431539/; classtype:trojan-activity;sid:84294639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.126.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431538/; classtype:trojan-activity;sid:84294638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.12.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431537/; classtype:trojan-activity;sid:84294637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.215.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431536/; classtype:trojan-activity;sid:84294636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.28.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431535/; classtype:trojan-activity;sid:84294635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431534)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.97.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431534/; classtype:trojan-activity;sid:84294634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431533)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.81.94"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431533/; classtype:trojan-activity;sid:84294633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.20.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431532/; classtype:trojan-activity;sid:84294632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.56.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431531/; classtype:trojan-activity;sid:84294631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.64.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431530/; classtype:trojan-activity;sid:84294630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.83.173.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431529/; classtype:trojan-activity;sid:84294629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.63.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431528/; classtype:trojan-activity;sid:84294628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.238.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431527/; classtype:trojan-activity;sid:84294627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.215.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431526/; classtype:trojan-activity;sid:84294626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.191.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431525/; classtype:trojan-activity;sid:84294625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431524)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.95.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431524/; classtype:trojan-activity;sid:84294624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431523/; classtype:trojan-activity;sid:84294623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.229.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431522/; classtype:trojan-activity;sid:84294622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.126.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431521/; classtype:trojan-activity;sid:84294621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431520/; classtype:trojan-activity;sid:84294620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431519/; classtype:trojan-activity;sid:84294619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.147.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431518/; classtype:trojan-activity;sid:84294618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.198.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431517/; classtype:trojan-activity;sid:84294617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.43.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431516/; classtype:trojan-activity;sid:84294616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.87.12.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431515/; classtype:trojan-activity;sid:84294615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.197.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431513/; classtype:trojan-activity;sid:84294613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.64.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431514/; classtype:trojan-activity;sid:84294614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.160.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431512/; classtype:trojan-activity;sid:84294612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.6.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431511/; classtype:trojan-activity;sid:84294611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.58.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431510/; classtype:trojan-activity;sid:84294610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.178.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431509/; classtype:trojan-activity;sid:84294609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431508/; classtype:trojan-activity;sid:84294608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.232.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431507/; classtype:trojan-activity;sid:84294607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431506)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.87.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431506/; classtype:trojan-activity;sid:84294606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431504)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.31.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431504/; classtype:trojan-activity;sid:84294604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431505)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.245.2.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431505/; classtype:trojan-activity;sid:84294605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.177.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431503/; classtype:trojan-activity;sid:84294603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.21.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431502/; classtype:trojan-activity;sid:84294602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.234.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431501/; classtype:trojan-activity;sid:84294601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.21.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431499/; classtype:trojan-activity;sid:84294599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.125.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431500/; classtype:trojan-activity;sid:84294600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.177.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431498/; classtype:trojan-activity;sid:84294598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.240.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431497/; classtype:trojan-activity;sid:84294597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.125.51.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431495/; classtype:trojan-activity;sid:84294595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431496/; classtype:trojan-activity;sid:84294596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.5.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431494/; classtype:trojan-activity;sid:84294594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431493)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.20.68"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431493/; classtype:trojan-activity;sid:84294593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.65.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431492/; classtype:trojan-activity;sid:84294592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.177.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431491/; classtype:trojan-activity;sid:84294591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.58.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431490/; classtype:trojan-activity;sid:84294590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.36.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431489/; classtype:trojan-activity;sid:84294589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.56.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431488/; classtype:trojan-activity;sid:84294588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.151.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431487/; classtype:trojan-activity;sid:84294587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.64.152.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431486/; classtype:trojan-activity;sid:84294586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431485)"; flow:established,from_client; content:"GET"; http_method; content:"/gdfgdfgdfgdfgdfgfdg/g/raw/2f40a39b7be6e7e3e0bc4c9c2034166d13f5cdfc/mind.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431485/; classtype:trojan-activity;sid:84294585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431483)"; flow:established,from_client; content:"GET"; http_method; content:"/gdfgdfgdfgdfgdfgfdg/g/raw/2f40a39b7be6e7e3e0bc4c9c2034166d13f5cdfc/blue.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431483/; classtype:trojan-activity;sid:84294583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431484)"; flow:established,from_client; content:"GET"; http_method; content:"/gdfgdfgdfgdfgdfgfdg/g/raw/2f40a39b7be6e7e3e0bc4c9c2034166d13f5cdfc/red.exe"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431484/; classtype:trojan-activity;sid:84294584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431481)"; flow:established,from_client; content:"GET"; http_method; content:"/gdfgdfgdfgdfgdfgfdg/g/raw/2f40a39b7be6e7e3e0bc4c9c2034166d13f5cdfc/zln61.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431481/; classtype:trojan-activity;sid:84294581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431482)"; flow:established,from_client; content:"GET"; http_method; content:"/gdfgdfgdfgdfgdfgfdg/g/raw/2f40a39b7be6e7e3e0bc4c9c2034166d13f5cdfc/purple.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431482/; classtype:trojan-activity;sid:84294582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431479)"; flow:established,from_client; content:"GET"; http_method; content:"/gdfgdfgdfgdfgdfgfdg/g/raw/2f40a39b7be6e7e3e0bc4c9c2034166d13f5cdfc/clp.exe"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431479/; classtype:trojan-activity;sid:84294579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431480)"; flow:established,from_client; content:"GET"; http_method; content:"/gdfgdfgdfgdfgdfgfdg/g/raw/2f40a39b7be6e7e3e0bc4c9c2034166d13f5cdfc/black.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431480/; classtype:trojan-activity;sid:84294580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431478)"; flow:established,from_client; content:"GET"; http_method; content:"/emjsjs/azzzhh/downloads/sv279.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431478/; classtype:trojan-activity;sid:84294578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431477)"; flow:established,from_client; content:"GET"; http_method; content:"/gdfgdfgdfgdfgdfgfdg/g/raw/2f40a39b7be6e7e3e0bc4c9c2034166d13f5cdfc/yl61.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431477/; classtype:trojan-activity;sid:84294577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431476)"; flow:established,from_client; content:"GET"; http_method; content:"/part/seteupr.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"burnfatandfast.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431476/; classtype:trojan-activity;sid:84294576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431475)"; flow:established,from_client; content:"GET"; http_method; content:"/part/seteupr.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"5.181.3.170"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431475/; classtype:trojan-activity;sid:84294575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431473)"; flow:established,from_client; content:"GET"; http_method; content:"/parts/tech_spec.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"5.181.3.170"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431473/; classtype:trojan-activity;sid:84294573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431474)"; flow:established,from_client; content:"GET"; http_method; content:"/parts/tech_spec.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"burnfatandfast.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431474/; classtype:trojan-activity;sid:84294574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.194.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431472/; classtype:trojan-activity;sid:84294572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431470/; classtype:trojan-activity;sid:84294570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431471/; classtype:trojan-activity;sid:84294571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.93.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431469/; classtype:trojan-activity;sid:84294569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431468/; classtype:trojan-activity;sid:84294568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.41.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431467/; classtype:trojan-activity;sid:84294567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.125.51.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431466/; classtype:trojan-activity;sid:84294566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.198.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431465/; classtype:trojan-activity;sid:84294565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.5.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431464/; classtype:trojan-activity;sid:84294564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431463)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"51.75.31.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431463/; classtype:trojan-activity;sid:84294563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431462)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"104.194.152.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431462/; classtype:trojan-activity;sid:84294562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431448)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.73.124.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431448/; classtype:trojan-activity;sid:84294548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431449)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.43.131.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431449/; classtype:trojan-activity;sid:84294549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431450)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.222.48.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431450/; classtype:trojan-activity;sid:84294550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431451)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.205.98.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431451/; classtype:trojan-activity;sid:84294551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431452)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.201.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431452/; classtype:trojan-activity;sid:84294552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431453)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.158.33.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431453/; classtype:trojan-activity;sid:84294553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431454)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.35.45.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431454/; classtype:trojan-activity;sid:84294554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431455)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.100.64.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431455/; classtype:trojan-activity;sid:84294555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431456)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.130.132.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431456/; classtype:trojan-activity;sid:84294556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431457)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.35.228.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431457/; classtype:trojan-activity;sid:84294557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431458)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.8.116.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431458/; classtype:trojan-activity;sid:84294558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431459)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.8.116.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431459/; classtype:trojan-activity;sid:84294559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431460)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"189.1.216.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431460/; classtype:trojan-activity;sid:84294560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431461)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.52.37.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431461/; classtype:trojan-activity;sid:84294561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431446)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"34.78.33.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431446/; classtype:trojan-activity;sid:84294546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431447)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.188.254.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431447/; classtype:trojan-activity;sid:84294547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431445)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.150.70.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431445/; classtype:trojan-activity;sid:84294545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.173.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431444/; classtype:trojan-activity;sid:84294544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.108.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431443/; classtype:trojan-activity;sid:84294543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.247.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431440/; classtype:trojan-activity;sid:84294540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.7.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431441/; classtype:trojan-activity;sid:84294541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.56.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431442/; classtype:trojan-activity;sid:84294542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.234.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431439/; classtype:trojan-activity;sid:84294539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.102.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431438/; classtype:trojan-activity;sid:84294538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.250.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431437/; classtype:trojan-activity;sid:84294537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.65.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431436/; classtype:trojan-activity;sid:84294536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.146.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431435/; classtype:trojan-activity;sid:84294535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.109.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431434/; classtype:trojan-activity;sid:84294534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431425)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"5.175.249.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431425/; classtype:trojan-activity;sid:84294525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431426)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"5.175.249.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431426/; classtype:trojan-activity;sid:84294526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431427)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i486"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.175.249.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431427/; classtype:trojan-activity;sid:84294527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431428)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"5.175.249.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431428/; classtype:trojan-activity;sid:84294528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431429)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"5.175.249.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431429/; classtype:trojan-activity;sid:84294529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431430)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.175.249.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431430/; classtype:trojan-activity;sid:84294530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431431)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.175.249.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431431/; classtype:trojan-activity;sid:84294531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431432)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.175.249.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431432/; classtype:trojan-activity;sid:84294532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431433)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.175.249.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431433/; classtype:trojan-activity;sid:84294533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.106.55.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431422/; classtype:trojan-activity;sid:84294522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.169.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431423/; classtype:trojan-activity;sid:84294523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.124.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431424/; classtype:trojan-activity;sid:84294524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.177.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431421/; classtype:trojan-activity;sid:84294521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.51.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431419/; classtype:trojan-activity;sid:84294519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.17.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431420/; classtype:trojan-activity;sid:84294520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.74.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431418/; classtype:trojan-activity;sid:84294518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.26.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431417/; classtype:trojan-activity;sid:84294517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.14.188"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431416/; classtype:trojan-activity;sid:84294516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.134.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431415/; classtype:trojan-activity;sid:84294515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.94.190.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431414/; classtype:trojan-activity;sid:84294514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.78.231.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431411/; classtype:trojan-activity;sid:84294511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.4.126.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431412/; classtype:trojan-activity;sid:84294512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.41.168.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431413/; classtype:trojan-activity;sid:84294513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.48.73.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431407/; classtype:trojan-activity;sid:84294507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.108.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431408/; classtype:trojan-activity;sid:84294508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.237.214.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431409/; classtype:trojan-activity;sid:84294509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.191.68.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431410/; classtype:trojan-activity;sid:84294510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.123.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431398/; classtype:trojan-activity;sid:84294498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.49.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431399/; classtype:trojan-activity;sid:84294499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.24.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431400/; classtype:trojan-activity;sid:84294500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.120.241.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431401/; classtype:trojan-activity;sid:84294501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.30.44.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431402/; classtype:trojan-activity;sid:84294502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.147.249.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431403/; classtype:trojan-activity;sid:84294503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.58.80.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431404/; classtype:trojan-activity;sid:84294504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.43.134.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431405/; classtype:trojan-activity;sid:84294505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.183.120.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431406/; classtype:trojan-activity;sid:84294506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"51.190.240.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431395/; classtype:trojan-activity;sid:84294495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.83.158.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431396/; classtype:trojan-activity;sid:84294496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.132.214.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431397/; classtype:trojan-activity;sid:84294497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.182.77.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431393/; classtype:trojan-activity;sid:84294493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.125.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431394/; classtype:trojan-activity;sid:84294494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.156.70.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431392/; classtype:trojan-activity;sid:84294492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.104.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431391/; classtype:trojan-activity;sid:84294491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.26.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431390/; classtype:trojan-activity;sid:84294490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431389)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.199.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431389/; classtype:trojan-activity;sid:84294489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431388)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.210.135.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431388/; classtype:trojan-activity;sid:84294488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431387)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.200.163.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431387/; classtype:trojan-activity;sid:84294487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431386)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.236.175.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431386/; classtype:trojan-activity;sid:84294486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431385)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.14.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431385/; classtype:trojan-activity;sid:84294485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431384)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.73.163.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431384/; classtype:trojan-activity;sid:84294484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431383)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.182.94.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431383/; classtype:trojan-activity;sid:84294483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431382)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.61.26.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431382/; classtype:trojan-activity;sid:84294482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431381)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.168.90.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431381/; classtype:trojan-activity;sid:84294481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.173.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431374/; classtype:trojan-activity;sid:84294474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431375)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.242.235.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431375/; classtype:trojan-activity;sid:84294475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431376)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.242.199.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431376/; classtype:trojan-activity;sid:84294476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431377)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.94.61"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431377/; classtype:trojan-activity;sid:84294477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431378)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.136.145.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431378/; classtype:trojan-activity;sid:84294478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431379)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.88.33.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431379/; classtype:trojan-activity;sid:84294479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431380)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.244.70.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431380/; classtype:trojan-activity;sid:84294480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431370)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.12.3.127"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431370/; classtype:trojan-activity;sid:84294470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431371)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.152.251.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431371/; classtype:trojan-activity;sid:84294471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431372)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.184.141.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431372/; classtype:trojan-activity;sid:84294472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431373)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.144.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431373/; classtype:trojan-activity;sid:84294473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.184.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431369/; classtype:trojan-activity;sid:84294469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.177.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431368/; classtype:trojan-activity;sid:84294468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.7.82"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431367/; classtype:trojan-activity;sid:84294467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.102.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431366/; classtype:trojan-activity;sid:84294466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.233.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431365/; classtype:trojan-activity;sid:84294465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.0.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431363/; classtype:trojan-activity;sid:84294463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.215.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431364/; classtype:trojan-activity;sid:84294464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.146.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431362/; classtype:trojan-activity;sid:84294462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.234.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431361/; classtype:trojan-activity;sid:84294461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.41.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431360/; classtype:trojan-activity;sid:84294460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.169.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431359/; classtype:trojan-activity;sid:84294459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.8.243"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431358/; classtype:trojan-activity;sid:84294458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431357)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.120.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431357/; classtype:trojan-activity;sid:84294457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.192.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431356/; classtype:trojan-activity;sid:84294456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.126.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431355/; classtype:trojan-activity;sid:84294455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.233.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431354/; classtype:trojan-activity;sid:84294454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.0.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431353/; classtype:trojan-activity;sid:84294453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.109.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431352/; classtype:trojan-activity;sid:84294452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.86.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431350/; classtype:trojan-activity;sid:84294450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.184.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431351/; classtype:trojan-activity;sid:84294451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.215.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431349/; classtype:trojan-activity;sid:84294449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.146.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431348/; classtype:trojan-activity;sid:84294448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.15.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431347/; classtype:trojan-activity;sid:84294447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.19.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431346/; classtype:trojan-activity;sid:84294446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.242.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431345/; classtype:trojan-activity;sid:84294445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.8.243"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431344/; classtype:trojan-activity;sid:84294444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431343)"; flow:established,from_client; content:"GET"; http_method; content:"/profilelayout"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hub.unlimitedcashflowevent.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431343/; classtype:trojan-activity;sid:84294443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.98.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431342/; classtype:trojan-activity;sid:84294442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.43.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431341/; classtype:trojan-activity;sid:84294441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.70.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431339/; classtype:trojan-activity;sid:84294439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.208.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431340/; classtype:trojan-activity;sid:84294440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.98.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431338/; classtype:trojan-activity;sid:84294438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.86.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431337/; classtype:trojan-activity;sid:84294437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.62.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431336/; classtype:trojan-activity;sid:84294436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.6.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431335/; classtype:trojan-activity;sid:84294435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.15.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431334/; classtype:trojan-activity;sid:84294434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.96.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431333/; classtype:trojan-activity;sid:84294433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.79.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431332/; classtype:trojan-activity;sid:84294432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.126.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431329/; classtype:trojan-activity;sid:84294429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431328)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/htg7uu0d"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431328/; classtype:trojan-activity;sid:84294428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.43.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431326/; classtype:trojan-activity;sid:84294426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.155.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431327/; classtype:trojan-activity;sid:84294427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.240.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431325/; classtype:trojan-activity;sid:84294425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431323/; classtype:trojan-activity;sid:84294423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.8.160"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431324/; classtype:trojan-activity;sid:84294424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.42.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431322/; classtype:trojan-activity;sid:84294422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.70.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431321/; classtype:trojan-activity;sid:84294421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.62.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431320/; classtype:trojan-activity;sid:84294420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431318)"; flow:established,from_client; content:"GET"; http_method; content:"/7"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.189.1.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431318/; classtype:trojan-activity;sid:84294418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431319)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.189.1.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431319/; classtype:trojan-activity;sid:84294419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431316)"; flow:established,from_client; content:"GET"; http_method; content:"/5"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.189.1.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431316/; classtype:trojan-activity;sid:84294416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431317)"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.189.1.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431317/; classtype:trojan-activity;sid:84294417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.155.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431312/; classtype:trojan-activity;sid:84294412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431308)"; flow:established,from_client; content:"GET"; http_method; content:"/5"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.152.112.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431308/; classtype:trojan-activity;sid:84294408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431309)"; flow:established,from_client; content:"GET"; http_method; content:"/nan"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.152.112.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431309/; classtype:trojan-activity;sid:84294409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431310)"; flow:established,from_client; content:"GET"; http_method; content:"/4"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.152.112.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431310/; classtype:trojan-activity;sid:84294410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431311)"; flow:established,from_client; content:"GET"; http_method; content:"/che"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.152.112.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431311/; classtype:trojan-activity;sid:84294411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431307)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"googlevoice.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431307/; classtype:trojan-activity;sid:84294407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.96.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431306/; classtype:trojan-activity;sid:84294406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431305/; classtype:trojan-activity;sid:84294405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.79.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431303/; classtype:trojan-activity;sid:84294403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431304)"; flow:established,from_client; content:"GET"; http_method; content:"/rj1.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.152.112.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431304/; classtype:trojan-activity;sid:84294404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431301)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.136.43.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431301/; classtype:trojan-activity;sid:84294401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431302)"; flow:established,from_client; content:"GET"; http_method; content:"/2.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.189.1.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431302/; classtype:trojan-activity;sid:84294402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431300)"; flow:established,from_client; content:"GET"; http_method; content:"/d.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"googlevoice.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431300/; classtype:trojan-activity;sid:84294400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.242.81.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431299/; classtype:trojan-activity;sid:84294399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.50.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431298/; classtype:trojan-activity;sid:84294398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.141.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431297/; classtype:trojan-activity;sid:84294397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.241.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431296/; classtype:trojan-activity;sid:84294396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431295/; classtype:trojan-activity;sid:84294395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.161.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431294/; classtype:trojan-activity;sid:84294394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.97.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431293/; classtype:trojan-activity;sid:84294393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.115.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431292/; classtype:trojan-activity;sid:84294392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.141.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431291/; classtype:trojan-activity;sid:84294391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431290)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431290/; classtype:trojan-activity;sid:84294390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.104.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431289/; classtype:trojan-activity;sid:84294389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.242.81.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431288/; classtype:trojan-activity;sid:84294388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.179.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431287/; classtype:trojan-activity;sid:84294387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.83.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431286/; classtype:trojan-activity;sid:84294386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.27.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431285/; classtype:trojan-activity;sid:84294385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431284/; classtype:trojan-activity;sid:84294384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.183.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431283/; classtype:trojan-activity;sid:84294383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431282/; classtype:trojan-activity;sid:84294382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.145.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431281/; classtype:trojan-activity;sid:84294381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.50.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431280/; classtype:trojan-activity;sid:84294380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.111.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431276/; classtype:trojan-activity;sid:84294376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.158.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431277/; classtype:trojan-activity;sid:84294377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.167.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431278/; classtype:trojan-activity;sid:84294378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.200.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431279/; classtype:trojan-activity;sid:84294379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431275)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.129.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431275/; classtype:trojan-activity;sid:84294375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431274)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.81.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431274/; classtype:trojan-activity;sid:84294374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431273)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.129.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431273/; classtype:trojan-activity;sid:84294373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.245.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431272/; classtype:trojan-activity;sid:84294372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431271/; classtype:trojan-activity;sid:84294371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.135.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431270/; classtype:trojan-activity;sid:84294370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.84.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431269/; classtype:trojan-activity;sid:84294369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.90.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431268/; classtype:trojan-activity;sid:84294368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.101.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431266/; classtype:trojan-activity;sid:84294366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.211.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431267/; classtype:trojan-activity;sid:84294367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.186.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431265/; classtype:trojan-activity;sid:84294365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.90.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431264/; classtype:trojan-activity;sid:84294364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.36.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431263/; classtype:trojan-activity;sid:84294363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.25.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431262/; classtype:trojan-activity;sid:84294362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.186.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431261/; classtype:trojan-activity;sid:84294361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.72.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431260/; classtype:trojan-activity;sid:84294360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.136.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431259/; classtype:trojan-activity;sid:84294359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.135.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431256/; classtype:trojan-activity;sid:84294356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.101.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431257/; classtype:trojan-activity;sid:84294357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.20.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431258/; classtype:trojan-activity;sid:84294358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.211.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431255/; classtype:trojan-activity;sid:84294355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.213.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431254/; classtype:trojan-activity;sid:84294354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.248.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431253/; classtype:trojan-activity;sid:84294353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.247.16.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431252/; classtype:trojan-activity;sid:84294352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431250)"; flow:established,from_client; content:"GET"; http_method; content:"/check-secure/"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sexducks.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431250/; classtype:trojan-activity;sid:84294350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431248)"; flow:established,from_client; content:"GET"; http_method; content:"/verifcheck.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"check.xxxivi.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431248/; classtype:trojan-activity;sid:84294348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431249)"; flow:established,from_client; content:"GET"; http_method; content:"/14f84bb67680c89d.js"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"secure.sexducks.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431249/; classtype:trojan-activity;sid:84294349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.131.60.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431247/; classtype:trojan-activity;sid:84294347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.115.89.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431246/; classtype:trojan-activity;sid:84294346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431245)"; flow:established,from_client; content:"GET"; http_method; content:"/thfuk/f6ac4d/1738956919/setup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"tempsend.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431245/; classtype:trojan-activity;sid:84294345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.36.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431244/; classtype:trojan-activity;sid:84294344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431243/; classtype:trojan-activity;sid:84294343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.170.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431241/; classtype:trojan-activity;sid:84294341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.56.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431242/; classtype:trojan-activity;sid:84294342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.25.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431240/; classtype:trojan-activity;sid:84294340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.74.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431239/; classtype:trojan-activity;sid:84294339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431238)"; flow:established,from_client; content:"GET"; http_method; content:"/txt/kkoumjftzd7ouhw.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"weixe.ir"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431238/; classtype:trojan-activity;sid:84294338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431235)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.116.104.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431235/; classtype:trojan-activity;sid:84294335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431236)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.116.104.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431236/; classtype:trojan-activity;sid:84294336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431237)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.116.104.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431237/; classtype:trojan-activity;sid:84294337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.232.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431234/; classtype:trojan-activity;sid:84294334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431232)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"5.175.249.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431232/; classtype:trojan-activity;sid:84294332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.160.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431233/; classtype:trojan-activity;sid:84294333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431230)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.175.249.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431230/; classtype:trojan-activity;sid:84294330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431231)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.175.249.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431231/; classtype:trojan-activity;sid:84294331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.131.60.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431229/; classtype:trojan-activity;sid:84294329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.136.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431228/; classtype:trojan-activity;sid:84294328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.247.16.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431227/; classtype:trojan-activity;sid:84294327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.113.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431226/; classtype:trojan-activity;sid:84294326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431225)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.60.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431225/; classtype:trojan-activity;sid:84294325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.206.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431224/; classtype:trojan-activity;sid:84294324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.170.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431223/; classtype:trojan-activity;sid:84294323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.82.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431222/; classtype:trojan-activity;sid:84294322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.206.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431221/; classtype:trojan-activity;sid:84294321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.82.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431219/; classtype:trojan-activity;sid:84294319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.240.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431220/; classtype:trojan-activity;sid:84294320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.46.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431218/; classtype:trojan-activity;sid:84294318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431217/; classtype:trojan-activity;sid:84294317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.103.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431215/; classtype:trojan-activity;sid:84294315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.74.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431216/; classtype:trojan-activity;sid:84294316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431214)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xxo.colo.oystergarden.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431214/; classtype:trojan-activity;sid:84294314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.103.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431213/; classtype:trojan-activity;sid:84294313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.98.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431212/; classtype:trojan-activity;sid:84294312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.152.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431211/; classtype:trojan-activity;sid:84294311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.213.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431210/; classtype:trojan-activity;sid:84294310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.200.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431209/; classtype:trojan-activity;sid:84294309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.82.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431208/; classtype:trojan-activity;sid:84294308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.46.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431207/; classtype:trojan-activity;sid:84294307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.69.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431206/; classtype:trojan-activity;sid:84294306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.142.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431205/; classtype:trojan-activity;sid:84294305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.84.68.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431204/; classtype:trojan-activity;sid:84294304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.98.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431203/; classtype:trojan-activity;sid:84294303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.54.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431202/; classtype:trojan-activity;sid:84294302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.19.254"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431199/; classtype:trojan-activity;sid:84294299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.208.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431200/; classtype:trojan-activity;sid:84294300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431201)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.47.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431201/; classtype:trojan-activity;sid:84294301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.37.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431198/; classtype:trojan-activity;sid:84294298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.84.68.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431197/; classtype:trojan-activity;sid:84294297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.151.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431196/; classtype:trojan-activity;sid:84294296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.54.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431195/; classtype:trojan-activity;sid:84294295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.90.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431194/; classtype:trojan-activity;sid:84294294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.114.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431193/; classtype:trojan-activity;sid:84294293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431192/; classtype:trojan-activity;sid:84294292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.153.201.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431190/; classtype:trojan-activity;sid:84294290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.100.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431191/; classtype:trojan-activity;sid:84294291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.113.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431189/; classtype:trojan-activity;sid:84294289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431188)"; flow:established,from_client; content:"GET"; http_method; content:"/fester/coldleadershipp.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"212.34.135.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431188/; classtype:trojan-activity;sid:84294288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431186)"; flow:established,from_client; content:"GET"; http_method; content:"/fester/skillexpertise.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"212.34.135.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431186/; classtype:trojan-activity;sid:84294286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431187)"; flow:established,from_client; content:"GET"; http_method; content:"/fester/hotdetermine.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"212.34.135.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431187/; classtype:trojan-activity;sid:84294287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431185)"; flow:established,from_client; content:"GET"; http_method; content:"/fester/peopleprogrammer.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"212.34.135.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431185/; classtype:trojan-activity;sid:84294285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431182)"; flow:established,from_client; content:"GET"; http_method; content:"/fester/roomorganization000.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"212.34.135.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431182/; classtype:trojan-activity;sid:84294282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431183)"; flow:established,from_client; content:"GET"; http_method; content:"/fester/forwardlead.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"212.34.135.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431183/; classtype:trojan-activity;sid:84294283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431184)"; flow:established,from_client; content:"GET"; http_method; content:"/fester/forcechief.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"212.34.135.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431184/; classtype:trojan-activity;sid:84294284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431179)"; flow:established,from_client; content:"GET"; http_method; content:"/fester/coldleadership.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"212.34.135.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431179/; classtype:trojan-activity;sid:84294279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431180)"; flow:established,from_client; content:"GET"; http_method; content:"/fester/tideroom.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"212.34.135.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431180/; classtype:trojan-activity;sid:84294280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431181)"; flow:established,from_client; content:"GET"; http_method; content:"/fester/lovedemand.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"212.34.135.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431181/; classtype:trojan-activity;sid:84294281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431178)"; flow:established,from_client; content:"GET"; http_method; content:"/fester/roomorganization.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"212.34.135.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431178/; classtype:trojan-activity;sid:84294278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431177)"; flow:established,from_client; content:"GET"; http_method; content:"/fester/understandconsiderable.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"212.34.135.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431177/; classtype:trojan-activity;sid:84294277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431176)"; flow:established,from_client; content:"GET"; http_method; content:"/fester/countrycompetitivepro.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"212.34.135.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431176/; classtype:trojan-activity;sid:84294276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.69.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431175/; classtype:trojan-activity;sid:84294275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431174)"; flow:established,from_client; content:"GET"; http_method; content:"/fester/coldleaderships.bat"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"212.34.135.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431174/; classtype:trojan-activity;sid:84294274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.116.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431173/; classtype:trojan-activity;sid:84294273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431172)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.188.80.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431172/; classtype:trojan-activity;sid:84294272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431171)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.145.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431171/; classtype:trojan-activity;sid:84294271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.210.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431170/; classtype:trojan-activity;sid:84294270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.113.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431169/; classtype:trojan-activity;sid:84294269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.69.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431168/; classtype:trojan-activity;sid:84294268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.39.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431167/; classtype:trojan-activity;sid:84294267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.83.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431166/; classtype:trojan-activity;sid:84294266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.180.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431164/; classtype:trojan-activity;sid:84294264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.50.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431165/; classtype:trojan-activity;sid:84294265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431163/; classtype:trojan-activity;sid:84294263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.63.112.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431162/; classtype:trojan-activity;sid:84294262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.244.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431161/; classtype:trojan-activity;sid:84294261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.16.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431160/; classtype:trojan-activity;sid:84294260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.185.49.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431159/; classtype:trojan-activity;sid:84294259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431158)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.167.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431158/; classtype:trojan-activity;sid:84294258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.210.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431157/; classtype:trojan-activity;sid:84294257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431156)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431156/; classtype:trojan-activity;sid:84294256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.244.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431155/; classtype:trojan-activity;sid:84294255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.19.25.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431154/; classtype:trojan-activity;sid:84294254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.173.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431153/; classtype:trojan-activity;sid:84294253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.80.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431152/; classtype:trojan-activity;sid:84294252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.186.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431151/; classtype:trojan-activity;sid:84294251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431150)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.36.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431150/; classtype:trojan-activity;sid:84294250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.128.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431149/; classtype:trojan-activity;sid:84294249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.16.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431148/; classtype:trojan-activity;sid:84294248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.137.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431147/; classtype:trojan-activity;sid:84294247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.50.70.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431146/; classtype:trojan-activity;sid:84294246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.163.245.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431145/; classtype:trojan-activity;sid:84294245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.173.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431144/; classtype:trojan-activity;sid:84294244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.222.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431142/; classtype:trojan-activity;sid:84294242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.121.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431143/; classtype:trojan-activity;sid:84294243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.64.152.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431141/; classtype:trojan-activity;sid:84294241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.140.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431140/; classtype:trojan-activity;sid:84294240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.104.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431138/; classtype:trojan-activity;sid:84294238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.80.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431139/; classtype:trojan-activity;sid:84294239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.163.245.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431137/; classtype:trojan-activity;sid:84294237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.253.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431136/; classtype:trojan-activity;sid:84294236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.51.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431135/; classtype:trojan-activity;sid:84294235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.126.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431134/; classtype:trojan-activity;sid:84294234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.93.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431133/; classtype:trojan-activity;sid:84294233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431132)"; flow:established,from_client; content:"GET"; http_method; content:"/putty.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mac-only.site"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431132/; classtype:trojan-activity;sid:84294232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.213.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431131/; classtype:trojan-activity;sid:84294231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.128.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431130/; classtype:trojan-activity;sid:84294230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.121.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431129/; classtype:trojan-activity;sid:84294229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431128)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.15.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431128/; classtype:trojan-activity;sid:84294228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.173.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431127/; classtype:trojan-activity;sid:84294227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.134.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431125/; classtype:trojan-activity;sid:84294225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.104.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431126/; classtype:trojan-activity;sid:84294226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.14.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431124/; classtype:trojan-activity;sid:84294224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.45.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431123/; classtype:trojan-activity;sid:84294223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.74.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431122/; classtype:trojan-activity;sid:84294222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.208.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431121/; classtype:trojan-activity;sid:84294221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431120)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.145.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431120/; classtype:trojan-activity;sid:84294220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431119)"; flow:established,from_client; content:"GET"; http_method; content:"/0wr4ewvlxt8e95cy.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"userauthme02.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431119/; classtype:trojan-activity;sid:84294219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431117)"; flow:established,from_client; content:"GET"; http_method; content:"/b1jv"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"nicholasmundy.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431117/; classtype:trojan-activity;sid:84294217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431118)"; flow:established,from_client; content:"GET"; http_method; content:"/00sr"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"starzmi.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431118/; classtype:trojan-activity;sid:84294218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431116/; classtype:trojan-activity;sid:84294216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.213.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431115/; classtype:trojan-activity;sid:84294215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431114)"; flow:established,from_client; content:"GET"; http_method; content:"/z.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.81.68.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431114/; classtype:trojan-activity;sid:84294214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.234.130.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431113/; classtype:trojan-activity;sid:84294213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.222.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431112/; classtype:trojan-activity;sid:84294212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431110)"; flow:established,from_client; content:"GET"; http_method; content:"/vcruntime140.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431110/; classtype:trojan-activity;sid:84294210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431111)"; flow:established,from_client; content:"GET"; http_method; content:"/softokn3.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431111/; classtype:trojan-activity;sid:84294211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.235.200.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431109/; classtype:trojan-activity;sid:84294209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.100.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431108/; classtype:trojan-activity;sid:84294208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.242.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431107/; classtype:trojan-activity;sid:84294207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.206.174.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431106/; classtype:trojan-activity;sid:84294206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.8.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431105/; classtype:trojan-activity;sid:84294205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.140.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431104/; classtype:trojan-activity;sid:84294204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431103)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%88%b7%e5%9e%8b%e5%9b%be.jpg"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"47.99.93.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431103/; classtype:trojan-activity;sid:84294203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.254.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431102/; classtype:trojan-activity;sid:84294202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.234.130.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431101/; classtype:trojan-activity;sid:84294201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.208.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431099/; classtype:trojan-activity;sid:84294199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.229.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431100/; classtype:trojan-activity;sid:84294200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.213.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431098/; classtype:trojan-activity;sid:84294198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.169.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431097/; classtype:trojan-activity;sid:84294197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.168.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431096/; classtype:trojan-activity;sid:84294196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.21.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431095/; classtype:trojan-activity;sid:84294195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.200.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431094/; classtype:trojan-activity;sid:84294194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.208.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431093/; classtype:trojan-activity;sid:84294193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431091/; classtype:trojan-activity;sid:84294191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.107.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431092/; classtype:trojan-activity;sid:84294192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.102.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431090/; classtype:trojan-activity;sid:84294190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.14.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431089/; classtype:trojan-activity;sid:84294189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.47.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431088/; classtype:trojan-activity;sid:84294188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.21.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431087/; classtype:trojan-activity;sid:84294187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.215.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431086/; classtype:trojan-activity;sid:84294186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431084)"; flow:established,from_client; content:"GET"; http_method; content:"/steam.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dnsdeerrorlehaxor.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431084/; classtype:trojan-activity;sid:84294184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431083)"; flow:established,from_client; content:"GET"; http_method; content:"/cp_sh.eml"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"u2.fondnesssprayamiable.shop"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431083/; classtype:trojan-activity;sid:84294183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.229.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431082/; classtype:trojan-activity;sid:84294182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.144.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431080/; classtype:trojan-activity;sid:84294180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.208.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431081/; classtype:trojan-activity;sid:84294181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.28.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431079/; classtype:trojan-activity;sid:84294179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.47.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431078/; classtype:trojan-activity;sid:84294178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.15.66"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431077/; classtype:trojan-activity;sid:84294177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.58.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431076/; classtype:trojan-activity;sid:84294176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431075)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.230.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431075/; classtype:trojan-activity;sid:84294175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.21.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431074/; classtype:trojan-activity;sid:84294174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.57.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431073/; classtype:trojan-activity;sid:84294173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.84.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431072/; classtype:trojan-activity;sid:84294172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.11.132.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431071/; classtype:trojan-activity;sid:84294171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.10.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431070/; classtype:trojan-activity;sid:84294170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431068)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.27.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431068/; classtype:trojan-activity;sid:84294168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.195.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431069/; classtype:trojan-activity;sid:84294169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.165.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431066/; classtype:trojan-activity;sid:84294166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431067)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431067/; classtype:trojan-activity;sid:84294167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.2.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431065/; classtype:trojan-activity;sid:84294165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.113.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431063/; classtype:trojan-activity;sid:84294163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.253.225.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431064/; classtype:trojan-activity;sid:84294164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.89.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431061/; classtype:trojan-activity;sid:84294161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.61.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431062/; classtype:trojan-activity;sid:84294162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"199.16.59.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431060/; classtype:trojan-activity;sid:84294160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431059)"; flow:established,from_client; content:"GET"; http_method; content:"/files/shadowinject.rar"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"shadowinject.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431059/; classtype:trojan-activity;sid:84294159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431058)"; flow:established,from_client; content:"GET"; http_method; content:"/apps/bitcoin3000.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.55.122.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431058/; classtype:trojan-activity;sid:84294158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.187.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431057/; classtype:trojan-activity;sid:84294157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.191.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431055/; classtype:trojan-activity;sid:84294155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.211.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431054/; classtype:trojan-activity;sid:84294154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.242.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431053/; classtype:trojan-activity;sid:84294153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.17.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431052/; classtype:trojan-activity;sid:84294152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.234.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431051/; classtype:trojan-activity;sid:84294151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.134.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431050/; classtype:trojan-activity;sid:84294150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.191.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431049/; classtype:trojan-activity;sid:84294149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431048)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431048/; classtype:trojan-activity;sid:84294148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.15.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431047/; classtype:trojan-activity;sid:84294147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431041)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431041/; classtype:trojan-activity;sid:84294141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431042)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431042/; classtype:trojan-activity;sid:84294142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431043)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431043/; classtype:trojan-activity;sid:84294143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431044)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431044/; classtype:trojan-activity;sid:84294144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431045)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431045/; classtype:trojan-activity;sid:84294145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431046)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431046/; classtype:trojan-activity;sid:84294146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431040)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431040/; classtype:trojan-activity;sid:84294140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.84.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431039/; classtype:trojan-activity;sid:84294139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.57.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431038/; classtype:trojan-activity;sid:84294138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.187.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431037/; classtype:trojan-activity;sid:84294137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431036)"; flow:established,from_client; content:"GET"; http_method; content:"/b3"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.136.43.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431036/; classtype:trojan-activity;sid:84294136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431035)"; flow:established,from_client; content:"GET"; http_method; content:"/b1"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.136.43.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431035/; classtype:trojan-activity;sid:84294135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.211.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431034/; classtype:trojan-activity;sid:84294134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.169.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431033/; classtype:trojan-activity;sid:84294133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.253.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431032/; classtype:trojan-activity;sid:84294132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.223.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431031/; classtype:trojan-activity;sid:84294131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.57.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431030/; classtype:trojan-activity;sid:84294130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431022)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/gay.png.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"212.192.14.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431022/; classtype:trojan-activity;sid:84294122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431023)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/testonload.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"212.192.14.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431023/; classtype:trojan-activity;sid:84294123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.195.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431024/; classtype:trojan-activity;sid:84294124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431025)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/test.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"212.192.14.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431025/; classtype:trojan-activity;sid:84294125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431026)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/weightloose.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"212.192.14.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431026/; classtype:trojan-activity;sid:84294126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431027)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/test1.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"212.192.14.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431027/; classtype:trojan-activity;sid:84294127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431028)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/weight%20loose.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"212.192.14.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431028/; classtype:trojan-activity;sid:84294128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431029)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/tesyt.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"212.192.14.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431029/; classtype:trojan-activity;sid:84294129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.224.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431021/; classtype:trojan-activity;sid:84294121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.134.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431020/; classtype:trojan-activity;sid:84294120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431019)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.188.74.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431019/; classtype:trojan-activity;sid:84294119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431018)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rechnung_2025_02_05.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"193.233.48.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431018/; classtype:trojan-activity;sid:84294118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.238.171.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431017/; classtype:trojan-activity;sid:84294117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.249.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431016/; classtype:trojan-activity;sid:84294116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.0.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431014/; classtype:trojan-activity;sid:84294114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.234.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431015/; classtype:trojan-activity;sid:84294115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.223.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431013/; classtype:trojan-activity;sid:84294113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.60.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431012/; classtype:trojan-activity;sid:84294112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431011)"; flow:established,from_client; content:"GET"; http_method; content:"/rul.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bush-felt-fossil-richard.trycloudflare.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431011/; classtype:trojan-activity;sid:84294111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431010)"; flow:established,from_client; content:"GET"; http_method; content:"/bas.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bush-felt-fossil-richard.trycloudflare.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431010/; classtype:trojan-activity;sid:84294110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431009)"; flow:established,from_client; content:"GET"; http_method; content:"/june--pdf11.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"bush-felt-fossil-richard.trycloudflare.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431009/; classtype:trojan-activity;sid:84294109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431008)"; flow:established,from_client; content:"GET"; http_method; content:"/tune--pdf11.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"bush-felt-fossil-richard.trycloudflare.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431008/; classtype:trojan-activity;sid:84294108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431007)"; flow:established,from_client; content:"GET"; http_method; content:"/yqxjbcpnn92.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"195.211.190.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431007/; classtype:trojan-activity;sid:84294107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.42.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431006/; classtype:trojan-activity;sid:84294106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431005)"; flow:established,from_client; content:"GET"; http_method; content:"/770/niceskillwithbetterservicegoodgirlmylover.txt"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"172.245.123.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431005/; classtype:trojan-activity;sid:84294105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431004)"; flow:established,from_client; content:"GET"; http_method; content:"/677/greatnicehingsbetterwithgoodthingsfornewwayofbest.txt"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"185.29.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431004/; classtype:trojan-activity;sid:84294104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431002)"; flow:established,from_client; content:"GET"; http_method; content:"/770/niceskillwithbetterservicegoodgirlmylover.gif"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"172.245.123.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431002/; classtype:trojan-activity;sid:84294102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431003)"; flow:established,from_client; content:"GET"; http_method; content:"/114/goodofrmybestthingstogiveubestofthingsgood.txt"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"54.37.131.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431003/; classtype:trojan-activity;sid:84294103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431000)"; flow:established,from_client; content:"GET"; http_method; content:"/677/greatnicehingsbetterwithgoodthingsfornewwayofbest.gif"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"185.29.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431000/; classtype:trojan-activity;sid:84294100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.194.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431001/; classtype:trojan-activity;sid:84294101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.55.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430999/; classtype:trojan-activity;sid:84294099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430997)"; flow:established,from_client; content:"GET"; http_method; content:"/99/creambestthingswhichnevergivebestthingsevergive.gif"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"217.160.163.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430997/; classtype:trojan-activity;sid:84294097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430998)"; flow:established,from_client; content:"GET"; http_method; content:"/114/goodofrmybestthingstogiveubestofthingsgood.gif"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"54.37.131.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430998/; classtype:trojan-activity;sid:84294098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.224.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430996/; classtype:trojan-activity;sid:84294096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.129.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430995/; classtype:trojan-activity;sid:84294095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.199.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430994/; classtype:trojan-activity;sid:84294094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430990)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.215.113.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430990/; classtype:trojan-activity;sid:84294090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430991)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430991/; classtype:trojan-activity;sid:84294091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430992)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430992/; classtype:trojan-activity;sid:84294092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430993)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430993/; classtype:trojan-activity;sid:84294093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.69.19.6"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430989/; classtype:trojan-activity;sid:84294089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430988)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.42.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430988/; classtype:trojan-activity;sid:84294088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.73.52.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430987/; classtype:trojan-activity;sid:84294087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.225.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430986/; classtype:trojan-activity;sid:84294086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.180.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430985/; classtype:trojan-activity;sid:84294085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.55.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430984/; classtype:trojan-activity;sid:84294084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.87.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430983/; classtype:trojan-activity;sid:84294083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.251.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430982/; classtype:trojan-activity;sid:84294082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430979)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google|3f|i=afd3bdce-bad6-4613-95c8-9dfaac5cfb54"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"check.byzi.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430979/; classtype:trojan-activity;sid:84294079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430980)"; flow:established,from_client; content:"GET"; http_method; content:"/114/sew/goodofrmybestthingstogiveubestofthingsgood.hta"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"54.37.131.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430980/; classtype:trojan-activity;sid:84294080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430981)"; flow:established,from_client; content:"GET"; http_method; content:"/99/shme/creambestthingswhichnevergivebestthingsevergives.hta"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"217.160.163.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430981/; classtype:trojan-activity;sid:84294081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430978)"; flow:established,from_client; content:"GET"; http_method; content:"/770/sina/niceskillwithbetterservicegoodgirlmylover.hta"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"172.245.123.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430978/; classtype:trojan-activity;sid:84294078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430977)"; flow:established,from_client; content:"GET"; http_method; content:"/677/sumi/specialgiftmakewithbestlovershegoodforbestthingsgood.hta"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"185.29.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430977/; classtype:trojan-activity;sid:84294077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.199.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430976/; classtype:trojan-activity;sid:84294076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.248.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430975/; classtype:trojan-activity;sid:84294075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.19.6"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430974/; classtype:trojan-activity;sid:84294074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.236.222.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430973/; classtype:trojan-activity;sid:84294073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.136.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430972/; classtype:trojan-activity;sid:84294072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.73.52.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430971/; classtype:trojan-activity;sid:84294071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.87.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430970/; classtype:trojan-activity;sid:84294070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.135.249.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430968/; classtype:trojan-activity;sid:84294068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.142.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430969/; classtype:trojan-activity;sid:84294069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.225.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430966/; classtype:trojan-activity;sid:84294066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.105.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430967/; classtype:trojan-activity;sid:84294067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.108.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430965/; classtype:trojan-activity;sid:84294065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.89.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430964/; classtype:trojan-activity;sid:84294064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.95.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430963/; classtype:trojan-activity;sid:84294063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.216.196.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430962/; classtype:trojan-activity;sid:84294062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.222.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430961/; classtype:trojan-activity;sid:84294061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.194.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430960/; classtype:trojan-activity;sid:84294060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.105.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430959/; classtype:trojan-activity;sid:84294059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430958/; classtype:trojan-activity;sid:84294058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430957)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.141.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430957/; classtype:trojan-activity;sid:84294057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.150.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430956/; classtype:trojan-activity;sid:84294056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.3.105"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430955/; classtype:trojan-activity;sid:84294055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.71.24.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430953/; classtype:trojan-activity;sid:84294053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.95.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430954/; classtype:trojan-activity;sid:84294054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.150.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430952/; classtype:trojan-activity;sid:84294052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.83.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430951/; classtype:trojan-activity;sid:84294051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.225.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430950/; classtype:trojan-activity;sid:84294050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430949)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.107.98.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430949/; classtype:trojan-activity;sid:84294049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430948)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"112.81.45.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430948/; classtype:trojan-activity;sid:84294048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.135.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430947/; classtype:trojan-activity;sid:84294047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.90.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430946/; classtype:trojan-activity;sid:84294046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.102.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430945/; classtype:trojan-activity;sid:84294045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.134.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430942/; classtype:trojan-activity;sid:84294042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.136.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430943/; classtype:trojan-activity;sid:84294043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.194.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430944/; classtype:trojan-activity;sid:84294044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430941/; classtype:trojan-activity;sid:84294041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430940)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"172.36.0.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430940/; classtype:trojan-activity;sid:84294040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430939)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.68.58.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430939/; classtype:trojan-activity;sid:84294039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430938)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.142.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430938/; classtype:trojan-activity;sid:84294038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.63.139.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430936/; classtype:trojan-activity;sid:84294036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430937)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.126.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430937/; classtype:trojan-activity;sid:84294037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.186.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430934/; classtype:trojan-activity;sid:84294034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430935/; classtype:trojan-activity;sid:84294035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.14.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430933/; classtype:trojan-activity;sid:84294033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.60.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430932/; classtype:trojan-activity;sid:84294032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.54.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430931/; classtype:trojan-activity;sid:84294031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.39.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430930/; classtype:trojan-activity;sid:84294030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.3.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430929/; classtype:trojan-activity;sid:84294029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430928)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.233.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430928/; classtype:trojan-activity;sid:84294028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430926)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.239.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430926/; classtype:trojan-activity;sid:84294026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.185.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430927/; classtype:trojan-activity;sid:84294027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.71.24.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430925/; classtype:trojan-activity;sid:84294025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430924)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1027962163211554836/1337158674342481991/steamtoolssetup.exe|3f|ex=67a7164f|7c|26|7c|is=67a5c4cf|7c|26|7c|hm=f0c5d0710068910e537f7fd167130c40fe93282bd0fb9c51e973567074106f58|7c|26|7c|"; http_uri; depth:195; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430924/; classtype:trojan-activity;sid:84294024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.89.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430923/; classtype:trojan-activity;sid:84294023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.56.123.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430922/; classtype:trojan-activity;sid:84294022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.243.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430921/; classtype:trojan-activity;sid:84294021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430920)"; flow:established,from_client; content:"GET"; http_method; content:"/stats.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430920/; classtype:trojan-activity;sid:84294020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.58.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430919/; classtype:trojan-activity;sid:84294019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.243.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430918/; classtype:trojan-activity;sid:84294018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.246.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430917/; classtype:trojan-activity;sid:84294017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.250.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430916/; classtype:trojan-activity;sid:84294016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430914)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.197.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430914/; classtype:trojan-activity;sid:84294014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.153.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430915/; classtype:trojan-activity;sid:84294015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.224.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430913/; classtype:trojan-activity;sid:84294013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.192.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430912/; classtype:trojan-activity;sid:84294012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.105.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430911/; classtype:trojan-activity;sid:84294011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.6.254.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430910/; classtype:trojan-activity;sid:84294010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.58.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430909/; classtype:trojan-activity;sid:84294009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430908)"; flow:established,from_client; content:"GET"; http_method; content:"/7a4of8.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430908/; classtype:trojan-activity;sid:84294008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430907)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"chmod0777kk.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430907/; classtype:trojan-activity;sid:84294007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.127.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430905/; classtype:trojan-activity;sid:84294005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"38.132.177.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430904/; classtype:trojan-activity;sid:84294004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.87.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430903/; classtype:trojan-activity;sid:84294003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.246.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430902/; classtype:trojan-activity;sid:84294002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.250.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430901/; classtype:trojan-activity;sid:84294001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.194.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430900/; classtype:trojan-activity;sid:84294000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430898)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.199.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430898/; classtype:trojan-activity;sid:84293998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.127.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430899/; classtype:trojan-activity;sid:84293999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430897)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%96%b0%e5%bb%ba%20%e6%96%87%e6%9c%ac%e6%96%87%e6%a1%a3.txt"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"47.99.93.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430897/; classtype:trojan-activity;sid:84293997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.193.11.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430896/; classtype:trojan-activity;sid:84293996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.171.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430894/; classtype:trojan-activity;sid:84293994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.215.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430895/; classtype:trojan-activity;sid:84293995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.194.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430893/; classtype:trojan-activity;sid:84293993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.27.81.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430892/; classtype:trojan-activity;sid:84293992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.132.177.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430891/; classtype:trojan-activity;sid:84293991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430890/; classtype:trojan-activity;sid:84293990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.132.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430889/; classtype:trojan-activity;sid:84293989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.215.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430888/; classtype:trojan-activity;sid:84293988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.192.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430887/; classtype:trojan-activity;sid:84293987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.127.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430886/; classtype:trojan-activity;sid:84293986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430884)"; flow:established,from_client; content:"GET"; http_method; content:"/doku/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430884/; classtype:trojan-activity;sid:84293984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430882)"; flow:established,from_client; content:"GET"; http_method; content:"/sega/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430882/; classtype:trojan-activity;sid:84293982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430881)"; flow:established,from_client; content:"GET"; http_method; content:"/steam.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.66.207.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430881/; classtype:trojan-activity;sid:84293981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.175.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430879/; classtype:trojan-activity;sid:84293979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.16.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430878/; classtype:trojan-activity;sid:84293978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.218.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430877/; classtype:trojan-activity;sid:84293977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.193.11.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430876/; classtype:trojan-activity;sid:84293976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.7.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430875/; classtype:trojan-activity;sid:84293975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.188.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430874/; classtype:trojan-activity;sid:84293974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430873)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.233.237.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430873/; classtype:trojan-activity;sid:84293973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.11.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430872/; classtype:trojan-activity;sid:84293972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.141.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430871/; classtype:trojan-activity;sid:84293971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430870)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.157.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430870/; classtype:trojan-activity;sid:84293970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.239.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430869/; classtype:trojan-activity;sid:84293969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.29.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430868/; classtype:trojan-activity;sid:84293968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430867)"; flow:established,from_client; content:"GET"; http_method; content:"/heh/output/client/cabalmain.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"185.105.116.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430867/; classtype:trojan-activity;sid:84293967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430866)"; flow:established,from_client; content:"GET"; http_method; content:"/heh/output/client/cabal.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.105.116.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430866/; classtype:trojan-activity;sid:84293966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430865)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6857243638/9ia6i3m.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430865/; classtype:trojan-activity;sid:84293965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.16.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430864/; classtype:trojan-activity;sid:84293964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.175.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430863/; classtype:trojan-activity;sid:84293963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.166.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430862/; classtype:trojan-activity;sid:84293962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.127.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430861/; classtype:trojan-activity;sid:84293961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.176.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430860/; classtype:trojan-activity;sid:84293960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.188.80.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430859/; classtype:trojan-activity;sid:84293959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.233.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430858/; classtype:trojan-activity;sid:84293958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430847)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"68.69.186.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430847/; classtype:trojan-activity;sid:84293947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430848)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"68.69.186.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430848/; classtype:trojan-activity;sid:84293948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430849)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.69.186.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430849/; classtype:trojan-activity;sid:84293949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430850)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.69.186.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430850/; classtype:trojan-activity;sid:84293950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430851)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.69.186.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430851/; classtype:trojan-activity;sid:84293951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430852)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"68.69.186.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430852/; classtype:trojan-activity;sid:84293952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430853)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"68.69.186.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430853/; classtype:trojan-activity;sid:84293953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430854)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.69.186.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430854/; classtype:trojan-activity;sid:84293954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430855)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.69.186.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430855/; classtype:trojan-activity;sid:84293955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430856)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.69.186.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430856/; classtype:trojan-activity;sid:84293956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430857)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"68.69.186.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430857/; classtype:trojan-activity;sid:84293957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.117.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430846/; classtype:trojan-activity;sid:84293946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430845)"; flow:established,from_client; content:"GET"; http_method; content:"/zoax33/utils/blob/master/savedecrypter.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430845/; classtype:trojan-activity;sid:84293945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.231.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430844/; classtype:trojan-activity;sid:84293944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430843)"; flow:established,from_client; content:"GET"; http_method; content:"/zoax33/utils/refs/heads/master/savedecrypter.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430843/; classtype:trojan-activity;sid:84293943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430842)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.220.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430842/; classtype:trojan-activity;sid:84293942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.97.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430841/; classtype:trojan-activity;sid:84293941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.51.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430840/; classtype:trojan-activity;sid:84293940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430839)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cnc.axonstress.fun"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430839/; classtype:trojan-activity;sid:84293939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430838)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cnc.axonstress.fun"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430838/; classtype:trojan-activity;sid:84293938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430837)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cnc.axonstress.fun"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430837/; classtype:trojan-activity;sid:84293937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430836)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cnc.axonstress.fun"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430836/; classtype:trojan-activity;sid:84293936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430835)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cnc.axonstress.fun"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430835/; classtype:trojan-activity;sid:84293935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430828)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cnc.axonstress.fun"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430828/; classtype:trojan-activity;sid:84293928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430829)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cnc.axonstress.fun"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430829/; classtype:trojan-activity;sid:84293929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430830)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cnc.axonstress.fun"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430830/; classtype:trojan-activity;sid:84293930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430831)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cnc.axonstress.fun"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430831/; classtype:trojan-activity;sid:84293931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430832)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cnc.axonstress.fun"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430832/; classtype:trojan-activity;sid:84293932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430833)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cnc.axonstress.fun"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430833/; classtype:trojan-activity;sid:84293933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.84.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430834/; classtype:trojan-activity;sid:84293934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430827)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.58.58.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430827/; classtype:trojan-activity;sid:84293927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.7.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430826/; classtype:trojan-activity;sid:84293926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430821)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.58.58.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430821/; classtype:trojan-activity;sid:84293921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430822)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.58.58.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430822/; classtype:trojan-activity;sid:84293922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430823)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.58.58.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430823/; classtype:trojan-activity;sid:84293923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430824)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.58.58.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430824/; classtype:trojan-activity;sid:84293924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430825)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.58.58.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430825/; classtype:trojan-activity;sid:84293925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430820)"; flow:established,from_client; content:"GET"; http_method; content:"/apps/bitcoin3000.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"xurupitacoin.digital"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430820/; classtype:trojan-activity;sid:84293920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430815)"; flow:established,from_client; content:"GET"; http_method; content:"/apps/appbitcoin.bat"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"xurupitacoin.digital"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430815/; classtype:trojan-activity;sid:84293915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430816)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.58.58.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430816/; classtype:trojan-activity;sid:84293916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430817)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"31.58.58.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430817/; classtype:trojan-activity;sid:84293917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430818)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.58.58.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430818/; classtype:trojan-activity;sid:84293918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430819)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.58.58.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430819/; classtype:trojan-activity;sid:84293919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.188.80.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430814/; classtype:trojan-activity;sid:84293914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430813/; classtype:trojan-activity;sid:84293913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.231.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430812/; classtype:trojan-activity;sid:84293912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430811)"; flow:established,from_client; content:"GET"; http_method; content:"/d/wcr6kvxw/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430811/; classtype:trojan-activity;sid:84293911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430810)"; flow:established,from_client; content:"GET"; http_method; content:"/download/new_image_tasks/new_image_tasks.jpg"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"archive.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430810/; classtype:trojan-activity;sid:84293910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430809)"; flow:established,from_client; content:"GET"; http_method; content:"/ussr/joy.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mexfex.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430809/; classtype:trojan-activity;sid:84293909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.141.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430808/; classtype:trojan-activity;sid:84293908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.51.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430807/; classtype:trojan-activity;sid:84293907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430804)"; flow:established,from_client; content:"GET"; http_method; content:"/darkinsi/poc/blob/main/hyperion.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430804/; classtype:trojan-activity;sid:84293904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430805)"; flow:established,from_client; content:"GET"; http_method; content:"/darkinsi/poc/blob/main/hyperionloader.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430805/; classtype:trojan-activity;sid:84293905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430806)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"raw2.intenseapi.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430806/; classtype:trojan-activity;sid:84293906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430802)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7127524582/s4mpdbi.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430802/; classtype:trojan-activity;sid:84293902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430803)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7127524582/uyhabfn.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430803/; classtype:trojan-activity;sid:84293903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.210.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430801/; classtype:trojan-activity;sid:84293901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.162.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430800/; classtype:trojan-activity;sid:84293900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.82.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430799/; classtype:trojan-activity;sid:84293899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.201.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430798/; classtype:trojan-activity;sid:84293898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.137.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430797/; classtype:trojan-activity;sid:84293897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430796)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.ooia.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430796/; classtype:trojan-activity;sid:84293896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430793)"; flow:established,from_client; content:"GET"; http_method; content:"/honkshefter/sundshefter/refs/heads/main/update.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430793/; classtype:trojan-activity;sid:84293893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430794)"; flow:established,from_client; content:"GET"; http_method; content:"/honkshefter/sundshefter/raw/refs/heads/main/update.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430794/; classtype:trojan-activity;sid:84293894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.164.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430795/; classtype:trojan-activity;sid:84293895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.58.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430792/; classtype:trojan-activity;sid:84293892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.165.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430791/; classtype:trojan-activity;sid:84293891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430790)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.20.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430790/; classtype:trojan-activity;sid:84293890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430788)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.224.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430788/; classtype:trojan-activity;sid:84293888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430789)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.170.224.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430789/; classtype:trojan-activity;sid:84293889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.83.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430787/; classtype:trojan-activity;sid:84293887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.44.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430786/; classtype:trojan-activity;sid:84293886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.45.56.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430784/; classtype:trojan-activity;sid:84293884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.87.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430785/; classtype:trojan-activity;sid:84293885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.137.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430783/; classtype:trojan-activity;sid:84293883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.179.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430782/; classtype:trojan-activity;sid:84293882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.86.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430781/; classtype:trojan-activity;sid:84293881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.47.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430780/; classtype:trojan-activity;sid:84293880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.45.56.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430778/; classtype:trojan-activity;sid:84293878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.47.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430779/; classtype:trojan-activity;sid:84293879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.44.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430776/; classtype:trojan-activity;sid:84293876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.86.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430777/; classtype:trojan-activity;sid:84293877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430774/; classtype:trojan-activity;sid:84293874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430775/; classtype:trojan-activity;sid:84293875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430773/; classtype:trojan-activity;sid:84293873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430772)"; flow:established,from_client; content:"GET"; http_method; content:"/about/download/|3f|windows10syncclientinstalled=false"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430772/; classtype:trojan-activity;sid:84293872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430771/; classtype:trojan-activity;sid:84293871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.131.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430770/; classtype:trojan-activity;sid:84293870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.27.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430769/; classtype:trojan-activity;sid:84293869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.20.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430768/; classtype:trojan-activity;sid:84293868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430767)"; flow:established,from_client; content:"GET"; http_method; content:"/cro.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cattozzo.it"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430767/; classtype:trojan-activity;sid:84293867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430765)"; flow:established,from_client; content:"GET"; http_method; content:"/pfqlfz130.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"195.211.190.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430765/; classtype:trojan-activity;sid:84293865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430766)"; flow:established,from_client; content:"GET"; http_method; content:"/vfstv225.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"85.209.128.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430766/; classtype:trojan-activity;sid:84293866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.193.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430764/; classtype:trojan-activity;sid:84293864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430763)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpya"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"149.28.156.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430763/; classtype:trojan-activity;sid:84293863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.11.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430762/; classtype:trojan-activity;sid:84293862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.8.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430760/; classtype:trojan-activity;sid:84293860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.250.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430761/; classtype:trojan-activity;sid:84293861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.253.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430759/; classtype:trojan-activity;sid:84293859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.128.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430758/; classtype:trojan-activity;sid:84293858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.64.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430757/; classtype:trojan-activity;sid:84293857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.11.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430756/; classtype:trojan-activity;sid:84293856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.177.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430755/; classtype:trojan-activity;sid:84293855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.24.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430754/; classtype:trojan-activity;sid:84293854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.129.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430753/; classtype:trojan-activity;sid:84293853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.193.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430752/; classtype:trojan-activity;sid:84293852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.250.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430751/; classtype:trojan-activity;sid:84293851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.144.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430750/; classtype:trojan-activity;sid:84293850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.21.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430749/; classtype:trojan-activity;sid:84293849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430748/; classtype:trojan-activity;sid:84293848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.9.41.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430747/; classtype:trojan-activity;sid:84293847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.20.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430746/; classtype:trojan-activity;sid:84293846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.28.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430745/; classtype:trojan-activity;sid:84293845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.31.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430744/; classtype:trojan-activity;sid:84293844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430740)"; flow:established,from_client; content:"GET"; http_method; content:"/mailclone2500/bot1/blob/main/bot1.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430740/; classtype:trojan-activity;sid:84293840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430741)"; flow:established,from_client; content:"GET"; http_method; content:"/mailclone2500/stealer/blob/main/setup%20apk.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430741/; classtype:trojan-activity;sid:84293841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430742)"; flow:established,from_client; content:"GET"; http_method; content:"/mailclone2500/cc/blob/main/bot.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430742/; classtype:trojan-activity;sid:84293842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430743)"; flow:established,from_client; content:"GET"; http_method; content:"/mailclone2500/stealer/blob/main/path.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430743/; classtype:trojan-activity;sid:84293843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430739)"; flow:established,from_client; content:"GET"; http_method; content:"/mailclone2500/stealer/blob/main/linkedintuvandat.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430739/; classtype:trojan-activity;sid:84293839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430738)"; flow:established,from_client; content:"GET"; http_method; content:"/mailclone2500/stealer/blob/main/xclient.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430738/; classtype:trojan-activity;sid:84293838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430735)"; flow:established,from_client; content:"GET"; http_method; content:"/mailclone2500/stealer/blob/main/windows_update.py"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430735/; classtype:trojan-activity;sid:84293835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.30.70.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430736/; classtype:trojan-activity;sid:84293836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430737)"; flow:established,from_client; content:"GET"; http_method; content:"/mailclone2500/stealer/blob/main/bot_cookie.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430737/; classtype:trojan-activity;sid:84293837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.177.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430734/; classtype:trojan-activity;sid:84293834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.98.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430733/; classtype:trojan-activity;sid:84293833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.63.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430732/; classtype:trojan-activity;sid:84293832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430731/; classtype:trojan-activity;sid:84293831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.248.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430730/; classtype:trojan-activity;sid:84293830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.250.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430729/; classtype:trojan-activity;sid:84293829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.70.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430728/; classtype:trojan-activity;sid:84293828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.183.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430726/; classtype:trojan-activity;sid:84293826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.208.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430727/; classtype:trojan-activity;sid:84293827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.216.196.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430725/; classtype:trojan-activity;sid:84293825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.211.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430724/; classtype:trojan-activity;sid:84293824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.160.18.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430723/; classtype:trojan-activity;sid:84293823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.37.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430722/; classtype:trojan-activity;sid:84293822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.10.101.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430721/; classtype:trojan-activity;sid:84293821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.188.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430720/; classtype:trojan-activity;sid:84293820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.8.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430719/; classtype:trojan-activity;sid:84293819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430703)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"urabotnet.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430703/; classtype:trojan-activity;sid:84293803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430704)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"urabotnet.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430704/; classtype:trojan-activity;sid:84293804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430705)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"urabotnet.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430705/; classtype:trojan-activity;sid:84293805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430706)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"urabotnet.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430706/; classtype:trojan-activity;sid:84293806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430707)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"urabotnet.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430707/; classtype:trojan-activity;sid:84293807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430708)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"urabotnet.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430708/; classtype:trojan-activity;sid:84293808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430709)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"urabotnet.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430709/; classtype:trojan-activity;sid:84293809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430710)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"urabotnet.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430710/; classtype:trojan-activity;sid:84293810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430711)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"urabotnet.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430711/; classtype:trojan-activity;sid:84293811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430712)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"urabotnet.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430712/; classtype:trojan-activity;sid:84293812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430713)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"urabotnet.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430713/; classtype:trojan-activity;sid:84293813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430714)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"urabotnet.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430714/; classtype:trojan-activity;sid:84293814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430715)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"urabotnet.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430715/; classtype:trojan-activity;sid:84293815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430716)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"urabotnet.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430716/; classtype:trojan-activity;sid:84293816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430717)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"urabotnet.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430717/; classtype:trojan-activity;sid:84293817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430718)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"urabotnet.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430718/; classtype:trojan-activity;sid:84293818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.66.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430702/; classtype:trojan-activity;sid:84293802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.63.139.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430701/; classtype:trojan-activity;sid:84293801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.208.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430700/; classtype:trojan-activity;sid:84293800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.12.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430699/; classtype:trojan-activity;sid:84293799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.94.142.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430698/; classtype:trojan-activity;sid:84293798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.166.202.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430697/; classtype:trojan-activity;sid:84293797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.248.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430696/; classtype:trojan-activity;sid:84293796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.50.57.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430695/; classtype:trojan-activity;sid:84293795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430694)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.ouyo.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430694/; classtype:trojan-activity;sid:84293794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.170.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430693/; classtype:trojan-activity;sid:84293793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.41.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430692/; classtype:trojan-activity;sid:84293792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.250.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430691/; classtype:trojan-activity;sid:84293791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430689)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.140.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430689/; classtype:trojan-activity;sid:84293789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430690)"; flow:established,from_client; content:"GET"; http_method; content:"/rjfe686"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.140.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430690/; classtype:trojan-activity;sid:84293790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430681)"; flow:established,from_client; content:"GET"; http_method; content:"/eehah4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.140.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430681/; classtype:trojan-activity;sid:84293781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430682)"; flow:established,from_client; content:"GET"; http_method; content:"/vejfa5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.140.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430682/; classtype:trojan-activity;sid:84293782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430683)"; flow:established,from_client; content:"GET"; http_method; content:"/efefa7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.140.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430683/; classtype:trojan-activity;sid:84293783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430684)"; flow:established,from_client; content:"GET"; http_method; content:"/jfeeps"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.140.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430684/; classtype:trojan-activity;sid:84293784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430685)"; flow:established,from_client; content:"GET"; http_method; content:"/vjwe68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.140.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430685/; classtype:trojan-activity;sid:84293785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430686)"; flow:established,from_client; content:"GET"; http_method; content:"/drea4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.140.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430686/; classtype:trojan-activity;sid:84293786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430687)"; flow:established,from_client; content:"GET"; http_method; content:"/weje64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.140.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430687/; classtype:trojan-activity;sid:84293787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430688)"; flow:established,from_client; content:"GET"; http_method; content:"/efea6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.140.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430688/; classtype:trojan-activity;sid:84293788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430677)"; flow:established,from_client; content:"GET"; http_method; content:"/bejv86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.140.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430677/; classtype:trojan-activity;sid:84293777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430678)"; flow:established,from_client; content:"GET"; http_method; content:"/b.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.140.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430678/; classtype:trojan-activity;sid:84293778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430679)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.140.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430679/; classtype:trojan-activity;sid:84293779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430680)"; flow:established,from_client; content:"GET"; http_method; content:"/efjepc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.140.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430680/; classtype:trojan-activity;sid:84293780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430676)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/92ynf19y541hmun1hkpsz/file_assistance_plugin.exe|3f|rlkey=cuqe4sz27tloa3epaqin5edgc|7c|26|7c|st=bc4ppnuo|7c|26|7c|dl=1"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430676/; classtype:trojan-activity;sid:84293776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.239.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430675/; classtype:trojan-activity;sid:84293775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.112.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430674/; classtype:trojan-activity;sid:84293774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430673)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/koc/ck/nicegirlsheverynicepersonalitygoodbeautifulgirlfrined.hta"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"185.29.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430673/; classtype:trojan-activity;sid:84293773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430672)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/icvpzbx4vn6lcthva168z/zzjg.zip|3f|rlkey=kntc36792grkm64xriqputbdq|7c|26|7c|st=px51yl8u|7c|26|7c|dl=1%20ht"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430672/; classtype:trojan-activity;sid:84293772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.10.101.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430671/; classtype:trojan-activity;sid:84293771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.104.192.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430669/; classtype:trojan-activity;sid:84293769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.106.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430670/; classtype:trojan-activity;sid:84293770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430667/; classtype:trojan-activity;sid:84293767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.12.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430668/; classtype:trojan-activity;sid:84293768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.159.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430666/; classtype:trojan-activity;sid:84293766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.9.237"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430665/; classtype:trojan-activity;sid:84293765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430664/; classtype:trojan-activity;sid:84293764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.126.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430663/; classtype:trojan-activity;sid:84293763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430662)"; flow:established,from_client; content:"GET"; http_method; content:"/9bn8mp.dat"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430662/; classtype:trojan-activity;sid:84293762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.170.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430661/; classtype:trojan-activity;sid:84293761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.211.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430660/; classtype:trojan-activity;sid:84293760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.50.57.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430659/; classtype:trojan-activity;sid:84293759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.253.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430658/; classtype:trojan-activity;sid:84293758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.56.234"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430657/; classtype:trojan-activity;sid:84293757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.12.177.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430655/; classtype:trojan-activity;sid:84293755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.254.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430656/; classtype:trojan-activity;sid:84293756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.10.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430654/; classtype:trojan-activity;sid:84293754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.102.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430652/; classtype:trojan-activity;sid:84293752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.172.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430653/; classtype:trojan-activity;sid:84293753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.132.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430651/; classtype:trojan-activity;sid:84293751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.186.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430650/; classtype:trojan-activity;sid:84293750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.239.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430649/; classtype:trojan-activity;sid:84293749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430648)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"194.85.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430648/; classtype:trojan-activity;sid:84293748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430647/; classtype:trojan-activity;sid:84293747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"161.248.55.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430646/; classtype:trojan-activity;sid:84293746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430645)"; flow:established,from_client; content:"GET"; http_method; content:"/231/cann.exe.bk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"198.23.187.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430645/; classtype:trojan-activity;sid:84293745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430644)"; flow:established,from_client; content:"GET"; http_method; content:"/8p7go1.wav"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430644/; classtype:trojan-activity;sid:84293744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430643)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430643/; classtype:trojan-activity;sid:84293743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430637/; classtype:trojan-activity;sid:84293737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430638/; classtype:trojan-activity;sid:84293738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.165.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430639/; classtype:trojan-activity;sid:84293739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430640/; classtype:trojan-activity;sid:84293740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.1.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430641/; classtype:trojan-activity;sid:84293741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.35.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430642/; classtype:trojan-activity;sid:84293742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.254.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430635/; classtype:trojan-activity;sid:84293735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.210.225.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430636/; classtype:trojan-activity;sid:84293736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430634)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.237.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430634/; classtype:trojan-activity;sid:84293734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.187.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430633/; classtype:trojan-activity;sid:84293733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.166.202.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430632/; classtype:trojan-activity;sid:84293732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430631)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.79.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430631/; classtype:trojan-activity;sid:84293731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430630)"; flow:established,from_client; content:"GET"; http_method; content:"/231/cann.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"198.23.187.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430630/; classtype:trojan-activity;sid:84293730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.186.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430629/; classtype:trojan-activity;sid:84293729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.183.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430628/; classtype:trojan-activity;sid:84293728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.99.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430627/; classtype:trojan-activity;sid:84293727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.190.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430626/; classtype:trojan-activity;sid:84293726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.120.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430625/; classtype:trojan-activity;sid:84293725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.37.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430624/; classtype:trojan-activity;sid:84293724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.104.192.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430622/; classtype:trojan-activity;sid:84293722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430623)"; flow:established,from_client; content:"GET"; http_method; content:"/680/csee.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"198.12.81.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430623/; classtype:trojan-activity;sid:84293723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.237.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430621/; classtype:trojan-activity;sid:84293721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.45.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430620/; classtype:trojan-activity;sid:84293720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.56.234"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430619/; classtype:trojan-activity;sid:84293719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.61.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430617/; classtype:trojan-activity;sid:84293717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.177.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430618/; classtype:trojan-activity;sid:84293718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430616)"; flow:established,from_client; content:"GET"; http_method; content:"/5433/mydreamgirlsheismybestgirleveriseenwithherlovergood.gif"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"15.235.203.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430616/; classtype:trojan-activity;sid:84293716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430615)"; flow:established,from_client; content:"GET"; http_method; content:"/dgohu7slx/image/upload/v1738845004/kdxzmeyl41f1ssmyh4ax.jpg"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"res.cloudinary.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430615/; classtype:trojan-activity;sid:84293715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.244.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430614/; classtype:trojan-activity;sid:84293714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.102.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430612/; classtype:trojan-activity;sid:84293712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.107.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430613/; classtype:trojan-activity;sid:84293713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.171.219.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430611/; classtype:trojan-activity;sid:84293711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.30.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430610/; classtype:trojan-activity;sid:84293710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.102.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430609/; classtype:trojan-activity;sid:84293709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.172.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430608/; classtype:trojan-activity;sid:84293708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.95.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430607/; classtype:trojan-activity;sid:84293707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.45.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430606/; classtype:trojan-activity;sid:84293706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.255.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430605/; classtype:trojan-activity;sid:84293705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430604)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/blocks/categories/husan/rediction.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"nascacs.co.za"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430604/; classtype:trojan-activity;sid:84293704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430603)"; flow:established,from_client; content:"GET"; http_method; content:"/public_html/cdudley/img/defender/dhcud0.hta"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"christinadudley.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430603/; classtype:trojan-activity;sid:84293703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430602)"; flow:established,from_client; content:"GET"; http_method; content:"/fifbank.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"gopay.stockadv.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430602/; classtype:trojan-activity;sid:84293702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430601)"; flow:established,from_client; content:"GET"; http_method; content:"/128/miya/greatdaybecomegoodforeverybodytogivemebestthingsforme.hta"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"51.75.91.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430601/; classtype:trojan-activity;sid:84293701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430600)"; flow:established,from_client; content:"GET"; http_method; content:"/tipitaka.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"84000.org"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430600/; classtype:trojan-activity;sid:84293700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430599)"; flow:established,from_client; content:"GET"; http_method; content:"/files/martin3/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430599/; classtype:trojan-activity;sid:84293699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430598)"; flow:established,from_client; content:"GET"; http_method; content:"/rr.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"imgdown.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430598/; classtype:trojan-activity;sid:84293698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430595)"; flow:established,from_client; content:"GET"; http_method; content:"/5433/mydreamgirlsheismybestgirleveriseenwithherlovergood.txt"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"15.235.203.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430595/; classtype:trojan-activity;sid:84293695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430596)"; flow:established,from_client; content:"GET"; http_method; content:"/files/reversesheller/random.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430596/; classtype:trojan-activity;sid:84293696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430597)"; flow:established,from_client; content:"GET"; http_method; content:"/2014/07/28/05/976842561.jpg"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www12.0zz0.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430597/; classtype:trojan-activity;sid:84293697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430593)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/pomo/1002/xaykg0.hta"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"kovbas.market"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430593/; classtype:trojan-activity;sid:84293693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430594)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5814572372/naeqbms.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430594/; classtype:trojan-activity;sid:84293694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430592)"; flow:established,from_client; content:"GET"; http_method; content:"/nonka.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"212.8.244.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430592/; classtype:trojan-activity;sid:84293692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430589)"; flow:established,from_client; content:"GET"; http_method; content:"/5433/nuwm/mydreamgirlsheismybestgirleveriseenwithherlovergood.hta"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"15.235.203.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430589/; classtype:trojan-activity;sid:84293689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430590)"; flow:established,from_client; content:"GET"; http_method; content:"/files/748049926/gjzwgbz.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430590/; classtype:trojan-activity;sid:84293690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430591)"; flow:established,from_client; content:"GET"; http_method; content:"/jhas.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.99.93.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430591/; classtype:trojan-activity;sid:84293691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430587)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.zovy.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430587/; classtype:trojan-activity;sid:84293687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430588)"; flow:established,from_client; content:"GET"; http_method; content:"/315/cann.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"198.12.81.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430588/; classtype:trojan-activity;sid:84293688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430582)"; flow:established,from_client; content:"GET"; http_method; content:"/rz.hta"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"envs.sh"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430582/; classtype:trojan-activity;sid:84293682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430583)"; flow:established,from_client; content:"GET"; http_method; content:"/barhom1/brobr/main/windowsservices.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430583/; classtype:trojan-activity;sid:84293683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430584)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.aaao.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430584/; classtype:trojan-activity;sid:84293684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430585)"; flow:established,from_client; content:"GET"; http_method; content:"/shram88/setup/raw/main/bin2.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430585/; classtype:trojan-activity;sid:84293685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430586)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1961451777/q8viz0w.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430586/; classtype:trojan-activity;sid:84293686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430578)"; flow:established,from_client; content:"GET"; http_method; content:"/belyy-git/karahook/raw/refs/heads/master/chsztdjvl.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430578/; classtype:trojan-activity;sid:84293678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430579)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7788061076/l65uni1.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430579/; classtype:trojan-activity;sid:84293679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430580)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6691015685/1vb7gm8.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430580/; classtype:trojan-activity;sid:84293680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430581)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7788061076/af53ygc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430581/; classtype:trojan-activity;sid:84293681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430573)"; flow:established,from_client; content:"GET"; http_method; content:"/lbimxvb/eechnnybrr025.hta"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"facturasolegs.shop"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430573/; classtype:trojan-activity;sid:84293673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430574)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/nvc/greatnamechangedwithgoodnews.hta"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"198.12.81.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430574/; classtype:trojan-activity;sid:84293674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430575)"; flow:established,from_client; content:"GET"; http_method; content:"/zoax33/utils/raw/refs/heads/master/savedecrypter.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430575/; classtype:trojan-activity;sid:84293675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430576)"; flow:established,from_client; content:"GET"; http_method; content:"/belyy-git/karahook/refs/heads/master/chsztdjvl.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430576/; classtype:trojan-activity;sid:84293676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430577)"; flow:established,from_client; content:"GET"; http_method; content:"/3f7b9d2a/load.hta"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"d29oq7wavgftcc.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430577/; classtype:trojan-activity;sid:84293677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.10.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430569/; classtype:trojan-activity;sid:84293669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430570)"; flow:established,from_client; content:"GET"; http_method; content:"/s6.hta"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"budgetshop.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430570/; classtype:trojan-activity;sid:84293670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430571)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/caba/createdbestgirlfriendwholovesmealotwithme.hta"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"198.23.187.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430571/; classtype:trojan-activity;sid:84293671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.201.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430572/; classtype:trojan-activity;sid:84293672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430566)"; flow:established,from_client; content:"GET"; http_method; content:"/belyy-git/karahook/blob/master/chsztdjvl.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430566/; classtype:trojan-activity;sid:84293666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430567)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.eiau.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430567/; classtype:trojan-activity;sid:84293667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430568)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430568/; classtype:trojan-activity;sid:84293668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430561)"; flow:established,from_client; content:"GET"; http_method; content:"/unknownhat8353/virus/refs/heads/main/serverx.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430561/; classtype:trojan-activity;sid:84293661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430562)"; flow:established,from_client; content:"GET"; http_method; content:"/stf/rmoxnyjs_30012025.hta"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"facturasolegs.shop"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430562/; classtype:trojan-activity;sid:84293662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430563)"; flow:established,from_client; content:"GET"; http_method; content:"/out-186313244.hta"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ffgh2321s.altervista.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430563/; classtype:trojan-activity;sid:84293663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430564)"; flow:established,from_client; content:"GET"; http_method; content:"/bthlngywy/nnhxhezr2025.hta"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"facturasgaso.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430564/; classtype:trojan-activity;sid:84293664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430565)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/cno/nicekidsforlovesomeone.hta"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"198.12.81.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430565/; classtype:trojan-activity;sid:84293665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430554)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1519595806/4hnr8kr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430554/; classtype:trojan-activity;sid:84293654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430555)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5803047068/69lriu5.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430555/; classtype:trojan-activity;sid:84293655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430556)"; flow:established,from_client; content:"GET"; http_method; content:"/236/suwce.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"198.12.81.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430556/; classtype:trojan-activity;sid:84293656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430557)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/css/files/db/acr/|3f|1.hta1.hta1.hta1.hta1.hta1.hta1.hta1.hta1.hta"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"162.241.85.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430557/; classtype:trojan-activity;sid:84293657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430558)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.hta"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"146.70.169.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430558/; classtype:trojan-activity;sid:84293658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430559)"; flow:established,from_client; content:"GET"; http_method; content:"/231/crm/seethebestthingstodoverygoodthingsforbetterperforman.hta"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"107.175.130.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430559/; classtype:trojan-activity;sid:84293659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430560)"; flow:established,from_client; content:"GET"; http_method; content:"/231/createdbestthingsgivenmebestofluckwithlovergivebest.txt"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"107.175.130.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430560/; classtype:trojan-activity;sid:84293660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.164.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430553/; classtype:trojan-activity;sid:84293653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430551)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.ueyu.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430551/; classtype:trojan-activity;sid:84293651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430552)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/crce/megivenbestthingswithentrielifefornewfamilylifegivenmeebbest.hta"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"198.12.81.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430552/; classtype:trojan-activity;sid:84293652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430550)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.191.245.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430550/; classtype:trojan-activity;sid:84293650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430548)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.191.245.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430548/; classtype:trojan-activity;sid:84293648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430549)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.191.245.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430549/; classtype:trojan-activity;sid:84293649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430547)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.191.245.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430547/; classtype:trojan-activity;sid:84293647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430542)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.191.245.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430542/; classtype:trojan-activity;sid:84293642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430543)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.191.245.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430543/; classtype:trojan-activity;sid:84293643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430544)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"160.191.245.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430544/; classtype:trojan-activity;sid:84293644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430545)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.191.245.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430545/; classtype:trojan-activity;sid:84293645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430546)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.191.245.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430546/; classtype:trojan-activity;sid:84293646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430540)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.191.245.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430540/; classtype:trojan-activity;sid:84293640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430541)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.191.245.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430541/; classtype:trojan-activity;sid:84293641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430539)"; flow:established,from_client; content:"GET"; http_method; content:"/mailclone2500/stealer/raw/refs/heads/main/linkedintuvandat.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430539/; classtype:trojan-activity;sid:84293639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.95.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430538/; classtype:trojan-activity;sid:84293638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.234.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430537/; classtype:trojan-activity;sid:84293637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.102.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430536/; classtype:trojan-activity;sid:84293636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.237.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430535/; classtype:trojan-activity;sid:84293635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.83.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430534/; classtype:trojan-activity;sid:84293634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.123.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430533/; classtype:trojan-activity;sid:84293633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.255.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430532/; classtype:trojan-activity;sid:84293632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.113.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430531/; classtype:trojan-activity;sid:84293631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.169.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430530/; classtype:trojan-activity;sid:84293630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.127.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430529/; classtype:trojan-activity;sid:84293629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.164.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430527/; classtype:trojan-activity;sid:84293627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.10.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430528/; classtype:trojan-activity;sid:84293628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.31.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430526/; classtype:trojan-activity;sid:84293626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.243.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430525/; classtype:trojan-activity;sid:84293625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.191.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430524/; classtype:trojan-activity;sid:84293624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.60.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430523/; classtype:trojan-activity;sid:84293623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.133.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430522/; classtype:trojan-activity;sid:84293622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.199.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430521/; classtype:trojan-activity;sid:84293621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.11.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430520/; classtype:trojan-activity;sid:84293620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.70.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430519/; classtype:trojan-activity;sid:84293619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.185.49.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430518/; classtype:trojan-activity;sid:84293618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.233.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430517/; classtype:trojan-activity;sid:84293617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.162.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430516/; classtype:trojan-activity;sid:84293616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430514/; classtype:trojan-activity;sid:84293614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.83.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430515/; classtype:trojan-activity;sid:84293615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.11.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430513/; classtype:trojan-activity;sid:84293613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.24.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430512/; classtype:trojan-activity;sid:84293612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.237.198.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430511/; classtype:trojan-activity;sid:84293611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.69.21.25"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430510/; classtype:trojan-activity;sid:84293610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.83.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430509/; classtype:trojan-activity;sid:84293609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.211.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430508/; classtype:trojan-activity;sid:84293608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.199.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430507/; classtype:trojan-activity;sid:84293607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.231.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430506/; classtype:trojan-activity;sid:84293606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.138.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430505/; classtype:trojan-activity;sid:84293605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.49.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430503/; classtype:trojan-activity;sid:84293603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.233.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430504/; classtype:trojan-activity;sid:84293604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.21.25"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430502/; classtype:trojan-activity;sid:84293602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.70.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430501/; classtype:trojan-activity;sid:84293601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.15.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430500/; classtype:trojan-activity;sid:84293600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.125.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430499/; classtype:trojan-activity;sid:84293599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430498)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.50.135.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430498/; classtype:trojan-activity;sid:84293598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.162.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430497/; classtype:trojan-activity;sid:84293597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.31.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430496/; classtype:trojan-activity;sid:84293596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.233.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430495/; classtype:trojan-activity;sid:84293595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.211.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430494/; classtype:trojan-activity;sid:84293594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.179.192.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430493/; classtype:trojan-activity;sid:84293593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.138.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430492/; classtype:trojan-activity;sid:84293592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.6.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430491/; classtype:trojan-activity;sid:84293591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.75.199.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430490/; classtype:trojan-activity;sid:84293590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.55.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430489/; classtype:trojan-activity;sid:84293589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.189.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430488/; classtype:trojan-activity;sid:84293588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.121.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430487/; classtype:trojan-activity;sid:84293587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430486)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.69.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430486/; classtype:trojan-activity;sid:84293586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.142.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430485/; classtype:trojan-activity;sid:84293585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.228.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430484/; classtype:trojan-activity;sid:84293584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.211.8.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430482/; classtype:trojan-activity;sid:84293582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.6.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430483/; classtype:trojan-activity;sid:84293583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.125.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430481/; classtype:trojan-activity;sid:84293581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.227.7.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430480/; classtype:trojan-activity;sid:84293580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.209.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430479/; classtype:trojan-activity;sid:84293579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.51.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430478/; classtype:trojan-activity;sid:84293578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.69.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430477/; classtype:trojan-activity;sid:84293577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.31.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430476/; classtype:trojan-activity;sid:84293576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.179.192.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430475/; classtype:trojan-activity;sid:84293575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.38.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430474/; classtype:trojan-activity;sid:84293574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.55.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430473/; classtype:trojan-activity;sid:84293573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430472)"; flow:established,from_client; content:"GET"; http_method; content:"/19fy"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"agbellevueproperty.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430472/; classtype:trojan-activity;sid:84293572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430467)"; flow:established,from_client; content:"GET"; http_method; content:"/sign-in|3f|op_token=zxj81egvvyxv0ackyaqounlo3mm9it2qznk5un3prm3bpcmgscwf1dghvcml6zroaahr0chm6ly9hzg1pbi5ib29raw5nlmnvbs8qonsiyxv0af9hdhrlbxb0x2lkijoiyjezzgnlmjqtmgm5os00yjjllthiogutnji0njlln2y1zgq5in0yk1lhoetpzgcwyxpls1n1og5vz25uq3psci1mykt5txfxavnwannsmjv4wnm6bfmyntzcbgnvzguqezcsipujlk4nogbcafjd1nxosdi"; http_uri; depth:305; isdataat:!1,relative; nocase; content:"booking.patehers-ordders.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430467/; classtype:trojan-activity;sid:84293567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430468)"; flow:established,from_client; content:"GET"; http_method; content:"/er9u"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sojusundays.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430468/; classtype:trojan-activity;sid:84293568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430469)"; flow:established,from_client; content:"GET"; http_method; content:"/nlgi"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"doodlz-art.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430469/; classtype:trojan-activity;sid:84293569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430470)"; flow:established,from_client; content:"GET"; http_method; content:"/dswdk4i1ab4pizjw.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"v3-cetpcha.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430470/; classtype:trojan-activity;sid:84293570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430471)"; flow:established,from_client; content:"GET"; http_method; content:"/gvtoythktm12ryxr.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"v3-cetpcha.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430471/; classtype:trojan-activity;sid:84293571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430466/; classtype:trojan-activity;sid:84293566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.44.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430465/; classtype:trojan-activity;sid:84293565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.215.67.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430464/; classtype:trojan-activity;sid:84293564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.6.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430463/; classtype:trojan-activity;sid:84293563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.228.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430461/; classtype:trojan-activity;sid:84293561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.142.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430462/; classtype:trojan-activity;sid:84293562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430460)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.104.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430460/; classtype:trojan-activity;sid:84293560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430459)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.117.206.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430459/; classtype:trojan-activity;sid:84293559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.153.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430458/; classtype:trojan-activity;sid:84293558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.51.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430457/; classtype:trojan-activity;sid:84293557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.69.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430456/; classtype:trojan-activity;sid:84293556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.234.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430454/; classtype:trojan-activity;sid:84293554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.38.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430455/; classtype:trojan-activity;sid:84293555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.195.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430453/; classtype:trojan-activity;sid:84293553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.49.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430452/; classtype:trojan-activity;sid:84293552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.207.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430451/; classtype:trojan-activity;sid:84293551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.60.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430450/; classtype:trojan-activity;sid:84293550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.250.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430448/; classtype:trojan-activity;sid:84293548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.235.252.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430449/; classtype:trojan-activity;sid:84293549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430447)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.188.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430447/; classtype:trojan-activity;sid:84293547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430446)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.104.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430446/; classtype:trojan-activity;sid:84293546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430445)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.107.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430445/; classtype:trojan-activity;sid:84293545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430444)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.74.244.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430444/; classtype:trojan-activity;sid:84293544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430443)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.189.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430443/; classtype:trojan-activity;sid:84293543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.62.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430442/; classtype:trojan-activity;sid:84293542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.7.82"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430441/; classtype:trojan-activity;sid:84293541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.190.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430440/; classtype:trojan-activity;sid:84293540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.143.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430439/; classtype:trojan-activity;sid:84293539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.5.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430438/; classtype:trojan-activity;sid:84293538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.241.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430437/; classtype:trojan-activity;sid:84293537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.76.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430436/; classtype:trojan-activity;sid:84293536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.44.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430435/; classtype:trojan-activity;sid:84293535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430434)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.149.255.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430434/; classtype:trojan-activity;sid:84293534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430433/; classtype:trojan-activity;sid:84293533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.18.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430432/; classtype:trojan-activity;sid:84293532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.207.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430431/; classtype:trojan-activity;sid:84293531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.134.132.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430430/; classtype:trojan-activity;sid:84293530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.143.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430429/; classtype:trojan-activity;sid:84293529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.118.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430428/; classtype:trojan-activity;sid:84293528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.150.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430427/; classtype:trojan-activity;sid:84293527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.146.92.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430426/; classtype:trojan-activity;sid:84293526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.241.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430425/; classtype:trojan-activity;sid:84293525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.174.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430424/; classtype:trojan-activity;sid:84293524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.5.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430423/; classtype:trojan-activity;sid:84293523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.81.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430422/; classtype:trojan-activity;sid:84293522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.70.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430421/; classtype:trojan-activity;sid:84293521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.103.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430420/; classtype:trojan-activity;sid:84293520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.76.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430417/; classtype:trojan-activity;sid:84293517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.12.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430418/; classtype:trojan-activity;sid:84293518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.90.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430419/; classtype:trojan-activity;sid:84293519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.44.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430416/; classtype:trojan-activity;sid:84293516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.103.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430415/; classtype:trojan-activity;sid:84293515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.150.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430414/; classtype:trojan-activity;sid:84293514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.70.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430413/; classtype:trojan-activity;sid:84293513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.9.67.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430411/; classtype:trojan-activity;sid:84293511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.84.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430412/; classtype:trojan-activity;sid:84293512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430410)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.95.169.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430410/; classtype:trojan-activity;sid:84293510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430409/; classtype:trojan-activity;sid:84293509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.2.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430408/; classtype:trojan-activity;sid:84293508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.70.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430407/; classtype:trojan-activity;sid:84293507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.183.62.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430406/; classtype:trojan-activity;sid:84293506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.170.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430405/; classtype:trojan-activity;sid:84293505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.146.92.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430404/; classtype:trojan-activity;sid:84293504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.110.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430403/; classtype:trojan-activity;sid:84293503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.207.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430402/; classtype:trojan-activity;sid:84293502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.81.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430401/; classtype:trojan-activity;sid:84293501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.76.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430400/; classtype:trojan-activity;sid:84293500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.65.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430399/; classtype:trojan-activity;sid:84293499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.102.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430398/; classtype:trojan-activity;sid:84293498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.90.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430397/; classtype:trojan-activity;sid:84293497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.2.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430396/; classtype:trojan-activity;sid:84293496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.70.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430395/; classtype:trojan-activity;sid:84293495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.103.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430394/; classtype:trojan-activity;sid:84293494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430393)"; flow:established,from_client; content:"GET"; http_method; content:"/profilelayout"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ceo.cowholesaling.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430393/; classtype:trojan-activity;sid:84293493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.110.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430392/; classtype:trojan-activity;sid:84293492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.150.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430391/; classtype:trojan-activity;sid:84293491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.116.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430390/; classtype:trojan-activity;sid:84293490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.89.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430389/; classtype:trojan-activity;sid:84293489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.141.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430388/; classtype:trojan-activity;sid:84293488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.150.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430387/; classtype:trojan-activity;sid:84293487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.84.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430386/; classtype:trojan-activity;sid:84293486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430385)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.214.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430385/; classtype:trojan-activity;sid:84293485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430384)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.6.106"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430384/; classtype:trojan-activity;sid:84293484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.84.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430383/; classtype:trojan-activity;sid:84293483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.69.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430382/; classtype:trojan-activity;sid:84293482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.162.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430381/; classtype:trojan-activity;sid:84293481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.180.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430380/; classtype:trojan-activity;sid:84293480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.218.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430379/; classtype:trojan-activity;sid:84293479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430378)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.116.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430378/; classtype:trojan-activity;sid:84293478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.65.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430377/; classtype:trojan-activity;sid:84293477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.28.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430375/; classtype:trojan-activity;sid:84293475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430376/; classtype:trojan-activity;sid:84293476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.89.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430374/; classtype:trojan-activity;sid:84293474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.106.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430373/; classtype:trojan-activity;sid:84293473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.0.45"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430372/; classtype:trojan-activity;sid:84293472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.46.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430371/; classtype:trojan-activity;sid:84293471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.141.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430370/; classtype:trojan-activity;sid:84293470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.121.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430369/; classtype:trojan-activity;sid:84293469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.42.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430368/; classtype:trojan-activity;sid:84293468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.3.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430367/; classtype:trojan-activity;sid:84293467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.180.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430366/; classtype:trojan-activity;sid:84293466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430365/; classtype:trojan-activity;sid:84293465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.123.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430364/; classtype:trojan-activity;sid:84293464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.28.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430363/; classtype:trojan-activity;sid:84293463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.21.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430362/; classtype:trojan-activity;sid:84293462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.1.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430361/; classtype:trojan-activity;sid:84293461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.28.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430360/; classtype:trojan-activity;sid:84293460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.182.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430359/; classtype:trojan-activity;sid:84293459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.63.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430358/; classtype:trojan-activity;sid:84293458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.121.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430357/; classtype:trojan-activity;sid:84293457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.152.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430356/; classtype:trojan-activity;sid:84293456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.46.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430355/; classtype:trojan-activity;sid:84293455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.173.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430354/; classtype:trojan-activity;sid:84293454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.137.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430353/; classtype:trojan-activity;sid:84293453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.106.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430352/; classtype:trojan-activity;sid:84293452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.60.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430351/; classtype:trojan-activity;sid:84293451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430350)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.130.61.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430350/; classtype:trojan-activity;sid:84293450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.158.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430349/; classtype:trojan-activity;sid:84293449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"161.248.55.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430348/; classtype:trojan-activity;sid:84293448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.123.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430347/; classtype:trojan-activity;sid:84293447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.173.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430346/; classtype:trojan-activity;sid:84293446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.28.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430345/; classtype:trojan-activity;sid:84293445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.108.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430344/; classtype:trojan-activity;sid:84293444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.68.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430343/; classtype:trojan-activity;sid:84293443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.1.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430342/; classtype:trojan-activity;sid:84293442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430341)"; flow:established,from_client; content:"GET"; http_method; content:"/service/recaptcha-verify"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"rcaptcha.click"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430341/; classtype:trojan-activity;sid:84293441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.117.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430340/; classtype:trojan-activity;sid:84293440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.182.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430339/; classtype:trojan-activity;sid:84293439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.218.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430337/; classtype:trojan-activity;sid:84293437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430338)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.226.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430338/; classtype:trojan-activity;sid:84293438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.148.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430336/; classtype:trojan-activity;sid:84293436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.82.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430335/; classtype:trojan-activity;sid:84293435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.145.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430333/; classtype:trojan-activity;sid:84293433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"161.248.55.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430334/; classtype:trojan-activity;sid:84293434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.158.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430332/; classtype:trojan-activity;sid:84293432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.168.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430331/; classtype:trojan-activity;sid:84293431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.28.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430330/; classtype:trojan-activity;sid:84293430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.71.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430329/; classtype:trojan-activity;sid:84293429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.187.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430328/; classtype:trojan-activity;sid:84293428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.60.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430327/; classtype:trojan-activity;sid:84293427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430326)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.6.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430326/; classtype:trojan-activity;sid:84293426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.37.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430325/; classtype:trojan-activity;sid:84293425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.36.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430323/; classtype:trojan-activity;sid:84293423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430324/; classtype:trojan-activity;sid:84293424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.228.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430322/; classtype:trojan-activity;sid:84293422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.154.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430321/; classtype:trojan-activity;sid:84293421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430320)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.168.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430320/; classtype:trojan-activity;sid:84293420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.88.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430319/; classtype:trojan-activity;sid:84293419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.156.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430318/; classtype:trojan-activity;sid:84293418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.240.197.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430317/; classtype:trojan-activity;sid:84293417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.125.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430316/; classtype:trojan-activity;sid:84293416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.146.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430315/; classtype:trojan-activity;sid:84293415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.142.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430314/; classtype:trojan-activity;sid:84293414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.25.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430313/; classtype:trojan-activity;sid:84293413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.52.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430312/; classtype:trojan-activity;sid:84293412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.73.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430311/; classtype:trojan-activity;sid:84293411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.225.51.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430310/; classtype:trojan-activity;sid:84293410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.102.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430309/; classtype:trojan-activity;sid:84293409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.240.197.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430308/; classtype:trojan-activity;sid:84293408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430307)"; flow:established,from_client; content:"GET"; http_method; content:"/confirmj.com/networkemailbackupwizardcontrollersetup.msi"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"62.133.60.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430307/; classtype:trojan-activity;sid:84293407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430306)"; flow:established,from_client; content:"GET"; http_method; content:"/confirmj.com/captcha"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"62.133.60.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430306/; classtype:trojan-activity;sid:84293406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.52.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430305/; classtype:trojan-activity;sid:84293405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.156.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430304/; classtype:trojan-activity;sid:84293404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.125.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430303/; classtype:trojan-activity;sid:84293403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.37.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430302/; classtype:trojan-activity;sid:84293402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430301)"; flow:established,from_client; content:"GET"; http_method; content:"/captcha/package1.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"confirmbookid.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430301/; classtype:trojan-activity;sid:84293401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430299)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/document_for_signing-12003.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"data3.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430299/; classtype:trojan-activity;sid:84293399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430300)"; flow:established,from_client; content:"GET"; http_method; content:"/farm/settup.msi"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"data3.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430300/; classtype:trojan-activity;sid:84293400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430297)"; flow:established,from_client; content:"GET"; http_method; content:"/farm/settup.msi"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.233.22.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430297/; classtype:trojan-activity;sid:84293397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430298)"; flow:established,from_client; content:"GET"; http_method; content:"/captcha"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"confirmbookid.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430298/; classtype:trojan-activity;sid:84293398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430296)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/document_for_signing-12003.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"193.233.22.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430296/; classtype:trojan-activity;sid:84293396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.225.51.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430295/; classtype:trojan-activity;sid:84293395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.142.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430294/; classtype:trojan-activity;sid:84293394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.72.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430293/; classtype:trojan-activity;sid:84293393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.229.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430292/; classtype:trojan-activity;sid:84293392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.88.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430291/; classtype:trojan-activity;sid:84293391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.154.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430290/; classtype:trojan-activity;sid:84293390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.102.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430289/; classtype:trojan-activity;sid:84293389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.73.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430288/; classtype:trojan-activity;sid:84293388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.147.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430287/; classtype:trojan-activity;sid:84293387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.240.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430286/; classtype:trojan-activity;sid:84293386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.235.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430285/; classtype:trojan-activity;sid:84293385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.162.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430284/; classtype:trojan-activity;sid:84293384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.249.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430283/; classtype:trojan-activity;sid:84293383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.145.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430282/; classtype:trojan-activity;sid:84293382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.249.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430281/; classtype:trojan-activity;sid:84293381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.79.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430280/; classtype:trojan-activity;sid:84293380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.229.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430279/; classtype:trojan-activity;sid:84293379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.47.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430278/; classtype:trojan-activity;sid:84293378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430277/; classtype:trojan-activity;sid:84293377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.40.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430276/; classtype:trojan-activity;sid:84293376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.144.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430275/; classtype:trojan-activity;sid:84293375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.72.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430274/; classtype:trojan-activity;sid:84293374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430273/; classtype:trojan-activity;sid:84293373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.58.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430272/; classtype:trojan-activity;sid:84293372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430271)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.210.152.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430271/; classtype:trojan-activity;sid:84293371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430269)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.209.109.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430269/; classtype:trojan-activity;sid:84293369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430270)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.210.152.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430270/; classtype:trojan-activity;sid:84293370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430268)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.4.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430268/; classtype:trojan-activity;sid:84293368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430267)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.80.68"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430267/; classtype:trojan-activity;sid:84293367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430264)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.142.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430264/; classtype:trojan-activity;sid:84293364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430265)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.144.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430265/; classtype:trojan-activity;sid:84293365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430266)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.144.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430266/; classtype:trojan-activity;sid:84293366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430262)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.237.133.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430262/; classtype:trojan-activity;sid:84293362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430263)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.22.59.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430263/; classtype:trojan-activity;sid:84293363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430255)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.124.119.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430255/; classtype:trojan-activity;sid:84293355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.92.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430256/; classtype:trojan-activity;sid:84293356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430257)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.211.38.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430257/; classtype:trojan-activity;sid:84293357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430258)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.234.174.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430258/; classtype:trojan-activity;sid:84293358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.147.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430259/; classtype:trojan-activity;sid:84293359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430260)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.72.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430260/; classtype:trojan-activity;sid:84293360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430261)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.81.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430261/; classtype:trojan-activity;sid:84293361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430253)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.185.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430253/; classtype:trojan-activity;sid:84293353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430254)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.152.251.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430254/; classtype:trojan-activity;sid:84293354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.144.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430252/; classtype:trojan-activity;sid:84293352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430251)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.30.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430251/; classtype:trojan-activity;sid:84293351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430250)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.160.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430250/; classtype:trojan-activity;sid:84293350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430249/; classtype:trojan-activity;sid:84293349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430247/; classtype:trojan-activity;sid:84293347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.174.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430248/; classtype:trojan-activity;sid:84293348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.135.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430246/; classtype:trojan-activity;sid:84293346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.7.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430245/; classtype:trojan-activity;sid:84293345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.255.83.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430244/; classtype:trojan-activity;sid:84293344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.57.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430242/; classtype:trojan-activity;sid:84293342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.126.81.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430243/; classtype:trojan-activity;sid:84293343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.177.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430241/; classtype:trojan-activity;sid:84293341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.160.165.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430239/; classtype:trojan-activity;sid:84293339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.24.157.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430240/; classtype:trojan-activity;sid:84293340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.79.99.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430236/; classtype:trojan-activity;sid:84293336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.235.216.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430237/; classtype:trojan-activity;sid:84293337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.173.59.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430238/; classtype:trojan-activity;sid:84293338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.235.210.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430229/; classtype:trojan-activity;sid:84293329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.177.226.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430230/; classtype:trojan-activity;sid:84293330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.173.183.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430231/; classtype:trojan-activity;sid:84293331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.238.20.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430232/; classtype:trojan-activity;sid:84293332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.241.85.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430233/; classtype:trojan-activity;sid:84293333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.24.157.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430234/; classtype:trojan-activity;sid:84293334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.74.44.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430235/; classtype:trojan-activity;sid:84293335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.110.64.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430227/; classtype:trojan-activity;sid:84293327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.47.246.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430228/; classtype:trojan-activity;sid:84293328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.131.74.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430223/; classtype:trojan-activity;sid:84293323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.61.40.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430224/; classtype:trojan-activity;sid:84293324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.54.47.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430225/; classtype:trojan-activity;sid:84293325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.243.71.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430226/; classtype:trojan-activity;sid:84293326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.138.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430222/; classtype:trojan-activity;sid:84293322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.184.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430221/; classtype:trojan-activity;sid:84293321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.212.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430220/; classtype:trojan-activity;sid:84293320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.51.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430219/; classtype:trojan-activity;sid:84293319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430218/; classtype:trojan-activity;sid:84293318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.138.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430217/; classtype:trojan-activity;sid:84293317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.69.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430216/; classtype:trojan-activity;sid:84293316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430214)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430214/; classtype:trojan-activity;sid:84293314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430215)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.108.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430215/; classtype:trojan-activity;sid:84293315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.42.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430213/; classtype:trojan-activity;sid:84293313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.139.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430212/; classtype:trojan-activity;sid:84293312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.184.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430211/; classtype:trojan-activity;sid:84293311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.93.151.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430210/; classtype:trojan-activity;sid:84293310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.92.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430209/; classtype:trojan-activity;sid:84293309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.139.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430208/; classtype:trojan-activity;sid:84293308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.221.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430207/; classtype:trojan-activity;sid:84293307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.51.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430206/; classtype:trojan-activity;sid:84293306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430205/; classtype:trojan-activity;sid:84293305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.138.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430204/; classtype:trojan-activity;sid:84293304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.69.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430203/; classtype:trojan-activity;sid:84293303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.59.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430202/; classtype:trojan-activity;sid:84293302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.221.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430201/; classtype:trojan-activity;sid:84293301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430200)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.48.73.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430200/; classtype:trojan-activity;sid:84293300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.139.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430199/; classtype:trojan-activity;sid:84293299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.139.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430198/; classtype:trojan-activity;sid:84293298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.208.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430197/; classtype:trojan-activity;sid:84293297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.16.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430196/; classtype:trojan-activity;sid:84293296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.59.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430195/; classtype:trojan-activity;sid:84293295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.25.200.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430194/; classtype:trojan-activity;sid:84293294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.138.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430193/; classtype:trojan-activity;sid:84293293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.111.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430192/; classtype:trojan-activity;sid:84293292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.200.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430191/; classtype:trojan-activity;sid:84293291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.83.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430190/; classtype:trojan-activity;sid:84293290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.213.135.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430189/; classtype:trojan-activity;sid:84293289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430188/; classtype:trojan-activity;sid:84293288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.196.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430187/; classtype:trojan-activity;sid:84293287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.217.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430186/; classtype:trojan-activity;sid:84293286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.103.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430185/; classtype:trojan-activity;sid:84293285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.89.124.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430184/; classtype:trojan-activity;sid:84293284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430183/; classtype:trojan-activity;sid:84293283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.18.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430182/; classtype:trojan-activity;sid:84293282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.103.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430181/; classtype:trojan-activity;sid:84293281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430180/; classtype:trojan-activity;sid:84293280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.213.135.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430179/; classtype:trojan-activity;sid:84293279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430178/; classtype:trojan-activity;sid:84293278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.111.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430177/; classtype:trojan-activity;sid:84293277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.90.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430176/; classtype:trojan-activity;sid:84293276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.196.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430175/; classtype:trojan-activity;sid:84293275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430174)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.11.118"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430174/; classtype:trojan-activity;sid:84293274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.103.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430173/; classtype:trojan-activity;sid:84293273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.234.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430172/; classtype:trojan-activity;sid:84293272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.176.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430171/; classtype:trojan-activity;sid:84293271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430170)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.90.239.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430170/; classtype:trojan-activity;sid:84293270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.227.7.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430169/; classtype:trojan-activity;sid:84293269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.18.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430168/; classtype:trojan-activity;sid:84293268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.89.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430167/; classtype:trojan-activity;sid:84293267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430166)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.175.30.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430166/; classtype:trojan-activity;sid:84293266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430164)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.11.118"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430164/; classtype:trojan-activity;sid:84293264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.42.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430165/; classtype:trojan-activity;sid:84293265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430163)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.1.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430163/; classtype:trojan-activity;sid:84293263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.7.49"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430162/; classtype:trojan-activity;sid:84293262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.81.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430161/; classtype:trojan-activity;sid:84293261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430160)"; flow:established,from_client; content:"GET"; http_method; content:"/encrypthub/ram/ram.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"global-protect.us"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430160/; classtype:trojan-activity;sid:84293260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430159)"; flow:established,from_client; content:"GET"; http_method; content:"/encrypthub/ram/ram.ps1"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"global-protect.us"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430159/; classtype:trojan-activity;sid:84293259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430158)"; flow:established,from_client; content:"GET"; http_method; content:"/encrypthub/ram/runner.ps1"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"global-protect.us"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430158/; classtype:trojan-activity;sid:84293258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.178.44.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430157/; classtype:trojan-activity;sid:84293257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430156)"; flow:established,from_client; content:"GET"; http_method; content:"/encrypthub/stealc/stealc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"global-protect.us"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430156/; classtype:trojan-activity;sid:84293256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430155)"; flow:established,from_client; content:"GET"; http_method; content:"/encrypthub/stealc/stealc.ps1"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"global-protect.us"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430155/; classtype:trojan-activity;sid:84293255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.60.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430154/; classtype:trojan-activity;sid:84293254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.89.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430153/; classtype:trojan-activity;sid:84293253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.38.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430152/; classtype:trojan-activity;sid:84293252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.178.44.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430151/; classtype:trojan-activity;sid:84293251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.0.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430150/; classtype:trojan-activity;sid:84293250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.114.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430149/; classtype:trojan-activity;sid:84293249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430148/; classtype:trojan-activity;sid:84293248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.8.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430147/; classtype:trojan-activity;sid:84293247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.38.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430146/; classtype:trojan-activity;sid:84293246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.253.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430144/; classtype:trojan-activity;sid:84293244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.139.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430145/; classtype:trojan-activity;sid:84293245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.191.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430143/; classtype:trojan-activity;sid:84293243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.8.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430142/; classtype:trojan-activity;sid:84293242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.0.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430141/; classtype:trojan-activity;sid:84293241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.191.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430140/; classtype:trojan-activity;sid:84293240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.201.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430139/; classtype:trojan-activity;sid:84293239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430137)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.116.104.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430137/; classtype:trojan-activity;sid:84293237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430138)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.116.104.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430138/; classtype:trojan-activity;sid:84293238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.254.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430136/; classtype:trojan-activity;sid:84293236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430135)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.116.104.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430135/; classtype:trojan-activity;sid:84293235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430133)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.116.104.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430133/; classtype:trojan-activity;sid:84293233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430134)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.116.104.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430134/; classtype:trojan-activity;sid:84293234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430131/; classtype:trojan-activity;sid:84293231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.215.249.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430132/; classtype:trojan-activity;sid:84293232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.161.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430130/; classtype:trojan-activity;sid:84293230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430129)"; flow:established,from_client; content:"GET"; http_method; content:"/mailclone2500/stealer/refs/heads/main/linkedintuvandat.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430129/; classtype:trojan-activity;sid:84293229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430128)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.71.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430128/; classtype:trojan-activity;sid:84293228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.211.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430127/; classtype:trojan-activity;sid:84293227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430125)"; flow:established,from_client; content:"GET"; http_method; content:"/file/macrocontrol.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"hyzaars.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430125/; classtype:trojan-activity;sid:84293225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430126)"; flow:established,from_client; content:"GET"; http_method; content:"/file/macrocontrol.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"ohart.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430126/; classtype:trojan-activity;sid:84293226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430124)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.163.142.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430124/; classtype:trojan-activity;sid:84293224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.61.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430123/; classtype:trojan-activity;sid:84293223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.49.65.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430122/; classtype:trojan-activity;sid:84293222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.223.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430121/; classtype:trojan-activity;sid:84293221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430120)"; flow:established,from_client; content:"GET"; http_method; content:"/fxghx.dll"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"imitrex24.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430120/; classtype:trojan-activity;sid:84293220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.125.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430119/; classtype:trojan-activity;sid:84293219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.96.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430118/; classtype:trojan-activity;sid:84293218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.168.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430117/; classtype:trojan-activity;sid:84293217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.133.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430116/; classtype:trojan-activity;sid:84293216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.22.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430115/; classtype:trojan-activity;sid:84293215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.35.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430114/; classtype:trojan-activity;sid:84293214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.65.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430113/; classtype:trojan-activity;sid:84293213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.165.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430112/; classtype:trojan-activity;sid:84293212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.22.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430111/; classtype:trojan-activity;sid:84293211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.169.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430109/; classtype:trojan-activity;sid:84293209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.94.193.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430110/; classtype:trojan-activity;sid:84293210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.144.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430108/; classtype:trojan-activity;sid:84293208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.59.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430107/; classtype:trojan-activity;sid:84293207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.83.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430105/; classtype:trojan-activity;sid:84293205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.236.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430106/; classtype:trojan-activity;sid:84293206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.119.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430104/; classtype:trojan-activity;sid:84293204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.11.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430102/; classtype:trojan-activity;sid:84293202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.11.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430103/; classtype:trojan-activity;sid:84293203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.142.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430101/; classtype:trojan-activity;sid:84293201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.8.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430100/; classtype:trojan-activity;sid:84293200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.169.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430099/; classtype:trojan-activity;sid:84293199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.147.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430098/; classtype:trojan-activity;sid:84293198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.215.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430097/; classtype:trojan-activity;sid:84293197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.133.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430096/; classtype:trojan-activity;sid:84293196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.108.90.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430095/; classtype:trojan-activity;sid:84293195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.165.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430094/; classtype:trojan-activity;sid:84293194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.248.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430093/; classtype:trojan-activity;sid:84293193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.223.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430092/; classtype:trojan-activity;sid:84293192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.119.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430091/; classtype:trojan-activity;sid:84293191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.225.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430090/; classtype:trojan-activity;sid:84293190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430089)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430089/; classtype:trojan-activity;sid:84293189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.8.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430088/; classtype:trojan-activity;sid:84293188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.142.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430087/; classtype:trojan-activity;sid:84293187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.177.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430086/; classtype:trojan-activity;sid:84293186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.248.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430085/; classtype:trojan-activity;sid:84293185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430084)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.158.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430084/; classtype:trojan-activity;sid:84293184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.106.55.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430083/; classtype:trojan-activity;sid:84293183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.213.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430082/; classtype:trojan-activity;sid:84293182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.181.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430080/; classtype:trojan-activity;sid:84293180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.2.70"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430081/; classtype:trojan-activity;sid:84293181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.72.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430079/; classtype:trojan-activity;sid:84293179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430078/; classtype:trojan-activity;sid:84293178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430076)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.cvdub.site"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430076/; classtype:trojan-activity;sid:84293176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430077)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.edmer.site"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430077/; classtype:trojan-activity;sid:84293177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.103.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430075/; classtype:trojan-activity;sid:84293175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.185.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430074/; classtype:trojan-activity;sid:84293174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.92.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430073/; classtype:trojan-activity;sid:84293173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.206.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430072/; classtype:trojan-activity;sid:84293172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.57.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430069/; classtype:trojan-activity;sid:84293169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.71.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430070/; classtype:trojan-activity;sid:84293170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430071/; classtype:trojan-activity;sid:84293171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430067)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.24.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430067/; classtype:trojan-activity;sid:84293167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430068)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.187.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430068/; classtype:trojan-activity;sid:84293168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.184.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430066/; classtype:trojan-activity;sid:84293166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430065/; classtype:trojan-activity;sid:84293165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.255.229.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430064/; classtype:trojan-activity;sid:84293164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.235.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430063/; classtype:trojan-activity;sid:84293163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.242.164.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430061/; classtype:trojan-activity;sid:84293161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.72.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430062/; classtype:trojan-activity;sid:84293162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.155.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430060/; classtype:trojan-activity;sid:84293160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.69.159.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430059/; classtype:trojan-activity;sid:84293159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.206.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430057/; classtype:trojan-activity;sid:84293157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.113.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430058/; classtype:trojan-activity;sid:84293158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.63.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430056/; classtype:trojan-activity;sid:84293156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.255.229.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430055/; classtype:trojan-activity;sid:84293155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.72.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430054/; classtype:trojan-activity;sid:84293154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.235.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430053/; classtype:trojan-activity;sid:84293153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.13.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430052/; classtype:trojan-activity;sid:84293152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.181.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430051/; classtype:trojan-activity;sid:84293151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.69.159.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430050/; classtype:trojan-activity;sid:84293150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.242.164.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430049/; classtype:trojan-activity;sid:84293149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.47.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430048/; classtype:trojan-activity;sid:84293148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.7.113"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430047/; classtype:trojan-activity;sid:84293147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.82.183.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430046/; classtype:trojan-activity;sid:84293146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.199.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430045/; classtype:trojan-activity;sid:84293145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.214.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430044/; classtype:trojan-activity;sid:84293144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.88.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430043/; classtype:trojan-activity;sid:84293143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430042)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.mmjdh.site"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430042/; classtype:trojan-activity;sid:84293142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.211.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430041/; classtype:trojan-activity;sid:84293141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.146.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430040/; classtype:trojan-activity;sid:84293140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430038)"; flow:established,from_client; content:"GET"; http_method; content:"/312/creatingnewthingswithgreatnewsgivenbestthignstobecometruegirl.gif"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"217.160.163.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430038/; classtype:trojan-activity;sid:84293138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430039)"; flow:established,from_client; content:"GET"; http_method; content:"/453/seethebewtthingstodothebestwayofgreatnessgod.gif"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"217.160.163.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430039/; classtype:trojan-activity;sid:84293139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430037)"; flow:established,from_client; content:"GET"; http_method; content:"/550/niceworkingskillgivemebestthingsforboostbestformegivenbestchall.gif"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"217.160.163.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430037/; classtype:trojan-activity;sid:84293137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430027)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"36.50.135.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430027/; classtype:trojan-activity;sid:84293127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430028)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"36.50.135.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430028/; classtype:trojan-activity;sid:84293128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430029)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"36.50.135.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430029/; classtype:trojan-activity;sid:84293129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430030)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"36.50.135.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430030/; classtype:trojan-activity;sid:84293130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430031)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"36.50.135.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430031/; classtype:trojan-activity;sid:84293131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430032)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"36.50.135.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430032/; classtype:trojan-activity;sid:84293132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430033)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"36.50.135.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430033/; classtype:trojan-activity;sid:84293133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430034)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"36.50.135.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430034/; classtype:trojan-activity;sid:84293134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430035)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"36.50.135.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430035/; classtype:trojan-activity;sid:84293135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430036)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"36.50.135.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430036/; classtype:trojan-activity;sid:84293136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430026)"; flow:established,from_client; content:"GET"; http_method; content:"/imxiyvzopn37.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.209.128.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430026/; classtype:trojan-activity;sid:84293126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430025)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"36.50.135.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430025/; classtype:trojan-activity;sid:84293125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430022)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"36.50.135.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430022/; classtype:trojan-activity;sid:84293122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430023)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"36.50.135.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430023/; classtype:trojan-activity;sid:84293123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430024)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"36.50.135.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430024/; classtype:trojan-activity;sid:84293124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430021)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.owacq.site"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430021/; classtype:trojan-activity;sid:84293121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.47.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430020/; classtype:trojan-activity;sid:84293120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430019/; classtype:trojan-activity;sid:84293119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.255.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430018/; classtype:trojan-activity;sid:84293118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.119.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430017/; classtype:trojan-activity;sid:84293117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430016)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/uh1gcpxx"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430016/; classtype:trojan-activity;sid:84293116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430015)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.73.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430015/; classtype:trojan-activity;sid:84293115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.211.8.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430014/; classtype:trojan-activity;sid:84293114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.146.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430013/; classtype:trojan-activity;sid:84293113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430012)"; flow:established,from_client; content:"GET"; http_method; content:"/gtylosk7pjmiy9pd.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"v3-cetpcha.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430012/; classtype:trojan-activity;sid:84293112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.211.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430011/; classtype:trojan-activity;sid:84293111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.175.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430010/; classtype:trojan-activity;sid:84293110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.26.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430008/; classtype:trojan-activity;sid:84293108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.22.223"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430009/; classtype:trojan-activity;sid:84293109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.40.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430007/; classtype:trojan-activity;sid:84293107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.144.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430006/; classtype:trojan-activity;sid:84293106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.169.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430005/; classtype:trojan-activity;sid:84293105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.79.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430004/; classtype:trojan-activity;sid:84293104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.21.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430002/; classtype:trojan-activity;sid:84293102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.216.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430003/; classtype:trojan-activity;sid:84293103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.60.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430001/; classtype:trojan-activity;sid:84293101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.58.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430000/; classtype:trojan-activity;sid:84293100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.254.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429999/; classtype:trojan-activity;sid:84293099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.187.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429997/; classtype:trojan-activity;sid:84293097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.159.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429998/; classtype:trojan-activity;sid:84293098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429996)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.2.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429996/; classtype:trojan-activity;sid:84293096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429995)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.222.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429995/; classtype:trojan-activity;sid:84293095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429994)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.165.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429994/; classtype:trojan-activity;sid:84293094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429993)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.233.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429993/; classtype:trojan-activity;sid:84293093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429992)"; flow:established,from_client; content:"GET"; http_method; content:"/myatt_sign_en.apk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"info-regionsapproval.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429992/; classtype:trojan-activity;sid:84293092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429991)"; flow:established,from_client; content:"GET"; http_method; content:"/myatt_sign_en.apk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"priv.host"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429991/; classtype:trojan-activity;sid:84293091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429990)"; flow:established,from_client; content:"GET"; http_method; content:"/myatt_sign_en.apk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"et-int.me"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429990/; classtype:trojan-activity;sid:84293090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.53.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429984/; classtype:trojan-activity;sid:84293084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.99.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429983/; classtype:trojan-activity;sid:84293083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.123.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429982/; classtype:trojan-activity;sid:84293082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429981)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.bxayj.site"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429981/; classtype:trojan-activity;sid:84293081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.92.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429979/; classtype:trojan-activity;sid:84293079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.42.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429980/; classtype:trojan-activity;sid:84293080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429977)"; flow:established,from_client; content:"GET"; http_method; content:"/richy.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"orderpo.organiccrap.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429977/; classtype:trojan-activity;sid:84293077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429978)"; flow:established,from_client; content:"GET"; http_method; content:"/wetrnsf%20(1(1).html"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"orderpo.organiccrap.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429978/; classtype:trojan-activity;sid:84293078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.40.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429976/; classtype:trojan-activity;sid:84293076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.246.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429975/; classtype:trojan-activity;sid:84293075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.172.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429974/; classtype:trojan-activity;sid:84293074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429973/; classtype:trojan-activity;sid:84293073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429972)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.166.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429972/; classtype:trojan-activity;sid:84293072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.21.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429971/; classtype:trojan-activity;sid:84293071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.222.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429970/; classtype:trojan-activity;sid:84293070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.216.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429969/; classtype:trojan-activity;sid:84293069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.246.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429968/; classtype:trojan-activity;sid:84293068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.123.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429967/; classtype:trojan-activity;sid:84293067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.66.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429966/; classtype:trojan-activity;sid:84293066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.59.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429965/; classtype:trojan-activity;sid:84293065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.95.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429964/; classtype:trojan-activity;sid:84293064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.214.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429963/; classtype:trojan-activity;sid:84293063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429962)"; flow:established,from_client; content:"GET"; http_method; content:"/fm_2811_mk35.apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"meallsm.b-cdn.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429962/; classtype:trojan-activity;sid:84293062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.172.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429961/; classtype:trojan-activity;sid:84293061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.134.252.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429960/; classtype:trojan-activity;sid:84293060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.150.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429959/; classtype:trojan-activity;sid:84293059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.37.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429957/; classtype:trojan-activity;sid:84293057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.163.218.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429956/; classtype:trojan-activity;sid:84293056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.211.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429955/; classtype:trojan-activity;sid:84293055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.87.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429954/; classtype:trojan-activity;sid:84293054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.150.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429953/; classtype:trojan-activity;sid:84293053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.183.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429952/; classtype:trojan-activity;sid:84293052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.31.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429951/; classtype:trojan-activity;sid:84293051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.254.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429950/; classtype:trojan-activity;sid:84293050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429949)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.lolp.ink"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429949/; classtype:trojan-activity;sid:84293049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.100.247.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429948/; classtype:trojan-activity;sid:84293048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.166.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429947/; classtype:trojan-activity;sid:84293047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.101.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429946/; classtype:trojan-activity;sid:84293046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.209.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429945/; classtype:trojan-activity;sid:84293045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429942)"; flow:established,from_client; content:"GET"; http_method; content:"/myatt_sign_en.apk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"securewireless.sbs"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429942/; classtype:trojan-activity;sid:84293042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429943)"; flow:established,from_client; content:"GET"; http_method; content:"/myatt_sign_en.apk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"securewireless.sbs"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429943/; classtype:trojan-activity;sid:84293043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429944)"; flow:established,from_client; content:"GET"; http_method; content:"/myatt_sign_en.apk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.212.166.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429944/; classtype:trojan-activity;sid:84293044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.18.66.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429941/; classtype:trojan-activity;sid:84293041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429940)"; flow:established,from_client; content:"GET"; http_method; content:"/rusxckhn5wwpaecw.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"v3-cetpcha.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429940/; classtype:trojan-activity;sid:84293040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.37.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429938/; classtype:trojan-activity;sid:84293038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429939)"; flow:established,from_client; content:"GET"; http_method; content:"/ypn1xn7t8hwgfb9q.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"v3-cetpcha.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429939/; classtype:trojan-activity;sid:84293039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429937)"; flow:established,from_client; content:"GET"; http_method; content:"/2fnvkbrf86o1ypzq.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"v3-cetpcha.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429937/; classtype:trojan-activity;sid:84293037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429936)"; flow:established,from_client; content:"GET"; http_method; content:"/twwui6vgx4jm0sev.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"v3-cetpcha.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429936/; classtype:trojan-activity;sid:84293036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429934/; classtype:trojan-activity;sid:84293034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.21.158"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429935/; classtype:trojan-activity;sid:84293035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429933)"; flow:established,from_client; content:"GET"; http_method; content:"/no7sq2pksbafkycp.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"v3-cetpcha.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429933/; classtype:trojan-activity;sid:84293033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429932)"; flow:established,from_client; content:"GET"; http_method; content:"/qzv1"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"iamkarenwsmith.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429932/; classtype:trojan-activity;sid:84293032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.163.218.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429930/; classtype:trojan-activity;sid:84293030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.76.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429929/; classtype:trojan-activity;sid:84293029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.251.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429928/; classtype:trojan-activity;sid:84293028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.247.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429927/; classtype:trojan-activity;sid:84293027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.71.19.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429926/; classtype:trojan-activity;sid:84293026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.18.66.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429925/; classtype:trojan-activity;sid:84293025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.214.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429924/; classtype:trojan-activity;sid:84293024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429922)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.alku.ink"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429922/; classtype:trojan-activity;sid:84293022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429923)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.amda.ink"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429923/; classtype:trojan-activity;sid:84293023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.251.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429921/; classtype:trojan-activity;sid:84293021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.74.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429920/; classtype:trojan-activity;sid:84293020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.137.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429919/; classtype:trojan-activity;sid:84293019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.222.226.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429918/; classtype:trojan-activity;sid:84293018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429917)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"36.50.135.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429917/; classtype:trojan-activity;sid:84293017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.32.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429914/; classtype:trojan-activity;sid:84293014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.35.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429915/; classtype:trojan-activity;sid:84293015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429916/; classtype:trojan-activity;sid:84293016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.83.126.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429912/; classtype:trojan-activity;sid:84293012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.240.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429913/; classtype:trojan-activity;sid:84293013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.23.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429911/; classtype:trojan-activity;sid:84293011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.16.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429910/; classtype:trojan-activity;sid:84293010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.214.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429909/; classtype:trojan-activity;sid:84293009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.71.19.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429908/; classtype:trojan-activity;sid:84293008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.176.223.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429907/; classtype:trojan-activity;sid:84293007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.144.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429906/; classtype:trojan-activity;sid:84293006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.147.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429905/; classtype:trojan-activity;sid:84293005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.33.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429904/; classtype:trojan-activity;sid:84293004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.98.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429903/; classtype:trojan-activity;sid:84293003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429902)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.73.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429902/; classtype:trojan-activity;sid:84293002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429901)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.90.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429901/; classtype:trojan-activity;sid:84293001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429900/; classtype:trojan-activity;sid:84293000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.255.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429899/; classtype:trojan-activity;sid:84292999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.16.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429898/; classtype:trojan-activity;sid:84292998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.159.54.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429897/; classtype:trojan-activity;sid:84292997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429896)"; flow:established,from_client; content:"GET"; http_method; content:"/o645ykmujnyhtbgrvfecdwx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"195.20.18.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429896/; classtype:trojan-activity;sid:84292996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429893)"; flow:established,from_client; content:"GET"; http_method; content:"/sas.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"195.20.18.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429893/; classtype:trojan-activity;sid:84292993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429894)"; flow:established,from_client; content:"GET"; http_method; content:"/killsof"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"195.20.18.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429894/; classtype:trojan-activity;sid:84292994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.95.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429895/; classtype:trojan-activity;sid:84292995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429892)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.popp.ink"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429892/; classtype:trojan-activity;sid:84292992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429891)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/kb/sheismybestgirlwholovesmebestwithgirlfirstnightgo.gif"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"198.46.174.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429891/; classtype:trojan-activity;sid:84292991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429890)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/kb/kbgoodsigiinforroseflowersgood.txt"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"198.46.174.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429890/; classtype:trojan-activity;sid:84292990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429888)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/fb/fbgoodforsweetgirlvoiceniceforhear.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"198.46.174.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429888/; classtype:trojan-activity;sid:84292988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429889)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/ehi663hjrmfs5w8sg3zad/vbs-js-wsf-bat.jpg|3f|rlkey=2h0noipk9ufydffji8xa7t7tj|7c|26|7c|st=f6onv7d4|7c|26|7c|dl=1"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429889/; classtype:trojan-activity;sid:84292989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429887)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/fb/fbgoodforsweetgirlvoiceniceforhearsa.gif"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"198.46.174.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429887/; classtype:trojan-activity;sid:84292987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429886)"; flow:established,from_client; content:"GET"; http_method; content:"/richie213/jic/refs/heads/main/cpnebic.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429886/; classtype:trojan-activity;sid:84292986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429885)"; flow:established,from_client; content:"GET"; http_method; content:"/1/test.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ofice365.github.io"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429885/; classtype:trojan-activity;sid:84292985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.38.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429883/; classtype:trojan-activity;sid:84292983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429884)"; flow:established,from_client; content:"GET"; http_method; content:"/richie213/36k/refs/heads/main/iamdgfd.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429884/; classtype:trojan-activity;sid:84292984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.98.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429882/; classtype:trojan-activity;sid:84292982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429880)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/envs/dg.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429880/; classtype:trojan-activity;sid:84292980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429881)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/envs/vm.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429881/; classtype:trojan-activity;sid:84292981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429873)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/giania.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429873/; classtype:trojan-activity;sid:84292973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429874)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/code.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429874/; classtype:trojan-activity;sid:84292974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429875)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/purelog.ps1"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429875/; classtype:trojan-activity;sid:84292975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429876)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/laserrr.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429876/; classtype:trojan-activity;sid:84292976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429877)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/pure.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429877/; classtype:trojan-activity;sid:84292977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429878)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/codee.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429878/; classtype:trojan-activity;sid:84292978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429879)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/g.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429879/; classtype:trojan-activity;sid:84292979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429871)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/graw.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429871/; classtype:trojan-activity;sid:84292971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429872)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/graw.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429872/; classtype:trojan-activity;sid:84292972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429870)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.smfd.ink"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429870/; classtype:trojan-activity;sid:84292970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.255.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429869/; classtype:trojan-activity;sid:84292969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.41.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429868/; classtype:trojan-activity;sid:84292968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.16.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429867/; classtype:trojan-activity;sid:84292967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.79.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429866/; classtype:trojan-activity;sid:84292966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.21.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429865/; classtype:trojan-activity;sid:84292965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.216.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429864/; classtype:trojan-activity;sid:84292964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.58.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429863/; classtype:trojan-activity;sid:84292963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.165.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429862/; classtype:trojan-activity;sid:84292962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.142.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429861/; classtype:trojan-activity;sid:84292961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429860)"; flow:established,from_client; content:"GET"; http_method; content:"/wk.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.15.186.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429860/; classtype:trojan-activity;sid:84292960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429856)"; flow:established,from_client; content:"GET"; http_method; content:"/wo3iod"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lqhm.constructoramelgarejo.cl"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429856/; classtype:trojan-activity;sid:84292956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429857)"; flow:established,from_client; content:"GET"; http_method; content:"/wo3iod"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"j4jb.constructoramelgarejo.cl"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429857/; classtype:trojan-activity;sid:84292957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429858)"; flow:established,from_client; content:"GET"; http_method; content:"/wo3iod"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"hoa0.constructoramelgarejo.cl"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429858/; classtype:trojan-activity;sid:84292958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429859)"; flow:established,from_client; content:"GET"; http_method; content:"/wo3iod"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"kes3.constructoramelgarejo.cl"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429859/; classtype:trojan-activity;sid:84292959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429855)"; flow:established,from_client; content:"GET"; http_method; content:"/wo3iod"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ptno.constructoramelgarejo.cl"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429855/; classtype:trojan-activity;sid:84292955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429854)"; flow:established,from_client; content:"GET"; http_method; content:"/39swkw0"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sabt.conformalegal.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429854/; classtype:trojan-activity;sid:84292954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429853)"; flow:established,from_client; content:"GET"; http_method; content:"/453/seethebewtthingstodothebestwayofgreatnessgod.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"217.160.163.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429853/; classtype:trojan-activity;sid:84292953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429852)"; flow:established,from_client; content:"GET"; http_method; content:"/312/wcec/creatingbestthingswithgreatnewsgivenmebestthigns.hta"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"217.160.163.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429852/; classtype:trojan-activity;sid:84292952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429851)"; flow:established,from_client; content:"GET"; http_method; content:"/3iidk32323/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"file-download.esshard.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429851/; classtype:trojan-activity;sid:84292951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429849)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/kb/cute/sheismybestgirlwholovesmebestwithgirlfirstnightgoood.hta"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"198.46.174.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429849/; classtype:trojan-activity;sid:84292949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429850)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/fb/seno/fbgoodforsweetgirlvoiceniceforhearsagirlscute.hta"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"198.46.174.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429850/; classtype:trojan-activity;sid:84292950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429848)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.uhxkj.space"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429848/; classtype:trojan-activity;sid:84292948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.63.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429847/; classtype:trojan-activity;sid:84292947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.224.21.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429846/; classtype:trojan-activity;sid:84292946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.29.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429845/; classtype:trojan-activity;sid:84292945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.156.177.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429844/; classtype:trojan-activity;sid:84292944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.74.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429843/; classtype:trojan-activity;sid:84292943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.52.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429842/; classtype:trojan-activity;sid:84292942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.172.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429841/; classtype:trojan-activity;sid:84292941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.79.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429840/; classtype:trojan-activity;sid:84292940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429839)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.233.205.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429839/; classtype:trojan-activity;sid:84292939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.35.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429837/; classtype:trojan-activity;sid:84292937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.67.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429838/; classtype:trojan-activity;sid:84292938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.216.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429836/; classtype:trojan-activity;sid:84292936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.165.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429835/; classtype:trojan-activity;sid:84292935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.41.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429834/; classtype:trojan-activity;sid:84292934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.156.177.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429833/; classtype:trojan-activity;sid:84292933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.53.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429832/; classtype:trojan-activity;sid:84292932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.103.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429831/; classtype:trojan-activity;sid:84292931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429830/; classtype:trojan-activity;sid:84292930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.224.21.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429829/; classtype:trojan-activity;sid:84292929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.211.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429827/; classtype:trojan-activity;sid:84292927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.10.64.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429828/; classtype:trojan-activity;sid:84292928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.190.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429826/; classtype:trojan-activity;sid:84292926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429825)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429825/; classtype:trojan-activity;sid:84292925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.92.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429824/; classtype:trojan-activity;sid:84292924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.158.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429823/; classtype:trojan-activity;sid:84292923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.93.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429822/; classtype:trojan-activity;sid:84292922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.67.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429821/; classtype:trojan-activity;sid:84292921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.55.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429820/; classtype:trojan-activity;sid:84292920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.102.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429819/; classtype:trojan-activity;sid:84292919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.190.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429818/; classtype:trojan-activity;sid:84292918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.193.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429817/; classtype:trojan-activity;sid:84292917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"161.248.55.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429816/; classtype:trojan-activity;sid:84292916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.7.169"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429815/; classtype:trojan-activity;sid:84292915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.19.221"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429814/; classtype:trojan-activity;sid:84292914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429813)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.esscv.tech"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429813/; classtype:trojan-activity;sid:84292913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429812)"; flow:established,from_client; content:"GET"; http_method; content:"/svc.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.81.68.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429812/; classtype:trojan-activity;sid:84292912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.193.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429811/; classtype:trojan-activity;sid:84292911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.236.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429810/; classtype:trojan-activity;sid:84292910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429808)"; flow:established,from_client; content:"GET"; http_method; content:"/boom/tsnb.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"147.45.44.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429808/; classtype:trojan-activity;sid:84292908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429809)"; flow:established,from_client; content:"GET"; http_method; content:"/boom/tvhdr.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"147.45.44.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429809/; classtype:trojan-activity;sid:84292909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429807)"; flow:established,from_client; content:"GET"; http_method; content:"/longtu/0823.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"118.31.226.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429807/; classtype:trojan-activity;sid:84292907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.254.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429806/; classtype:trojan-activity;sid:84292906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"161.248.55.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429805/; classtype:trojan-activity;sid:84292905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.32.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429804/; classtype:trojan-activity;sid:84292904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.29.46.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429803/; classtype:trojan-activity;sid:84292903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.25.51"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429802/; classtype:trojan-activity;sid:84292902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429801)"; flow:established,from_client; content:"GET"; http_method; content:"/453/wecc/seethebewtthingstodothebestwayofgreatnessgod.hta"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"217.160.163.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429801/; classtype:trojan-activity;sid:84292901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.0.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429800/; classtype:trojan-activity;sid:84292900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.87.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429799/; classtype:trojan-activity;sid:84292899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.93.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429798/; classtype:trojan-activity;sid:84292898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429797)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.80.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429797/; classtype:trojan-activity;sid:84292897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.46.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429796/; classtype:trojan-activity;sid:84292896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.179.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429795/; classtype:trojan-activity;sid:84292895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.249.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429794/; classtype:trojan-activity;sid:84292894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429793)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"d2314eac.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429793/; classtype:trojan-activity;sid:84292893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.32.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429792/; classtype:trojan-activity;sid:84292892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429791/; classtype:trojan-activity;sid:84292891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.155.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429790/; classtype:trojan-activity;sid:84292890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.0.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429789/; classtype:trojan-activity;sid:84292889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.244.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429788/; classtype:trojan-activity;sid:84292888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429786)"; flow:established,from_client; content:"GET"; http_method; content:"/mrmuxktbj196.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"94.232.249.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429786/; classtype:trojan-activity;sid:84292886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429787)"; flow:established,from_client; content:"GET"; http_method; content:"/pol.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"iq.bjvfle7.bar"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429787/; classtype:trojan-activity;sid:84292887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.235.130.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429785/; classtype:trojan-activity;sid:84292885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.125.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429784/; classtype:trojan-activity;sid:84292884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.106.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429783/; classtype:trojan-activity;sid:84292883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.7.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429782/; classtype:trojan-activity;sid:84292882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.179.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429781/; classtype:trojan-activity;sid:84292881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.73.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429780/; classtype:trojan-activity;sid:84292880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.96.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429778/; classtype:trojan-activity;sid:84292878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.238.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429779/; classtype:trojan-activity;sid:84292879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.41.71.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429777/; classtype:trojan-activity;sid:84292877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429776)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.125.51.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429776/; classtype:trojan-activity;sid:84292876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429774/; classtype:trojan-activity;sid:84292874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.104.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429775/; classtype:trojan-activity;sid:84292875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.144.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429773/; classtype:trojan-activity;sid:84292873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.106.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429770/; classtype:trojan-activity;sid:84292870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429771/; classtype:trojan-activity;sid:84292871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.78.132.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429772/; classtype:trojan-activity;sid:84292872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.12.202.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429769/; classtype:trojan-activity;sid:84292869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429768)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.114.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429768/; classtype:trojan-activity;sid:84292868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.249.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429767/; classtype:trojan-activity;sid:84292867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.10.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429766/; classtype:trojan-activity;sid:84292866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.19.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429765/; classtype:trojan-activity;sid:84292865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.238.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429763/; classtype:trojan-activity;sid:84292863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429762)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"secureverifys.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429762/; classtype:trojan-activity;sid:84292862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.83.126.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429761/; classtype:trojan-activity;sid:84292861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.50.70.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429760/; classtype:trojan-activity;sid:84292860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.202.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429759/; classtype:trojan-activity;sid:84292859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.237.168.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429757/; classtype:trojan-activity;sid:84292857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429758/; classtype:trojan-activity;sid:84292858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.120.236.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429756/; classtype:trojan-activity;sid:84292856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.86.227"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429755/; classtype:trojan-activity;sid:84292855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.44.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429754/; classtype:trojan-activity;sid:84292854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.93.151.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429753/; classtype:trojan-activity;sid:84292853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.56.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429752/; classtype:trojan-activity;sid:84292852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.41.71.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429751/; classtype:trojan-activity;sid:84292851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.133.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429750/; classtype:trojan-activity;sid:84292850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429749)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/laser.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429749/; classtype:trojan-activity;sid:84292849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.19.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429748/; classtype:trojan-activity;sid:84292848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.56.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429747/; classtype:trojan-activity;sid:84292847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.72.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429746/; classtype:trojan-activity;sid:84292846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.52.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429745/; classtype:trojan-activity;sid:84292845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.13.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429744/; classtype:trojan-activity;sid:84292844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.25.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429743/; classtype:trojan-activity;sid:84292843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.138.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429742/; classtype:trojan-activity;sid:84292842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.60.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429741/; classtype:trojan-activity;sid:84292841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.64.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429740/; classtype:trojan-activity;sid:84292840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.22.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429739/; classtype:trojan-activity;sid:84292839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.72.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429738/; classtype:trojan-activity;sid:84292838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.76.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429737/; classtype:trojan-activity;sid:84292837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.171.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429735/; classtype:trojan-activity;sid:84292835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.67.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429736/; classtype:trojan-activity;sid:84292836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.202.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429734/; classtype:trojan-activity;sid:84292834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.133.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429733/; classtype:trojan-activity;sid:84292833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.13.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429732/; classtype:trojan-activity;sid:84292832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.129.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429731/; classtype:trojan-activity;sid:84292831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.210.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429730/; classtype:trojan-activity;sid:84292830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.246.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429729/; classtype:trojan-activity;sid:84292829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429728)"; flow:established,from_client; content:"GET"; http_method; content:"/zzanpuoutycmku8d"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"antiquebotv3.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429728/; classtype:trojan-activity;sid:84292828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429726)"; flow:established,from_client; content:"GET"; http_method; content:"/gxqvle1qvpvcqndu"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"antiquebotv3.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429726/; classtype:trojan-activity;sid:84292826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429727)"; flow:established,from_client; content:"GET"; http_method; content:"/q2kcddrkdrsut1aj"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"antiquebotv3.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429727/; classtype:trojan-activity;sid:84292827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429724)"; flow:established,from_client; content:"GET"; http_method; content:"/sixzrnryjk8fjdiy"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"antiquebotv3.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429724/; classtype:trojan-activity;sid:84292824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429725)"; flow:established,from_client; content:"GET"; http_method; content:"/8orx1vouabvm8zcd"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"antiquebotv3.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429725/; classtype:trojan-activity;sid:84292825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429723)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.156.70.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429723/; classtype:trojan-activity;sid:84292823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.158.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429722/; classtype:trojan-activity;sid:84292822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.20.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429721/; classtype:trojan-activity;sid:84292821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.76.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429720/; classtype:trojan-activity;sid:84292820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429719)"; flow:established,from_client; content:"GET"; http_method; content:"/sign-in|3f|op_token=zxj81egvvyxv0ackyaqounlo3mm9it2qznk5un3prm3bpcmgscwf1dghvcml6zroaahr0chm6ly9hzg1pbi5ib29raw5nlmnvbs8qonsiyxv0af9hdhrlbxb0x2lkijoiyjezzgnlmjqtmgm5os00yjjllthiogutnji0njlln2y1zgq5in0yk1lhoetpzgcwyxpls1n1og5vz25uq3psci1mykt5txfxavnwannsmjv4wnm6bfmyntzcbgnvzguqezcsipujlk4nogbcafjd1nxosdi"; http_uri; depth:305; isdataat:!1,relative; nocase; content:"booking.secureverifys.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429719/; classtype:trojan-activity;sid:84292819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429717)"; flow:established,from_client; content:"GET"; http_method; content:"/g9fkhzao9f9yxffw"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"antiquebotv3.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429717/; classtype:trojan-activity;sid:84292817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.171.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429718/; classtype:trojan-activity;sid:84292818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429715)"; flow:established,from_client; content:"GET"; http_method; content:"/81v2"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"caymanluxurycars.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429715/; classtype:trojan-activity;sid:84292815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429716)"; flow:established,from_client; content:"GET"; http_method; content:"/rvb2"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"barleyjack.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429716/; classtype:trojan-activity;sid:84292816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.144.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429714/; classtype:trojan-activity;sid:84292814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.60.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429713/; classtype:trojan-activity;sid:84292813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.202.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429712/; classtype:trojan-activity;sid:84292812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429711)"; flow:established,from_client; content:"GET"; http_method; content:"/sign-in|3f|op_token=zxj81egvvyxv0ackyaqounlo3mm9it2qznk5un3prm3bpcmgscwf1dghvcml6zroaahr0chm6ly9hzg1pbi5ib29raw5nlmnvbs8qonsiyxv0af9hdhrlbxb0x2lkijoiyjezzgnlmjqtmgm5os00yjjllthiogutnji0njlln2y1zgq5in0yk1lhoetpzgcwyxpls1n1og5vz25uq3psci1mykt5txfxavnwannsmjv4wnm6bfmyntzcbgnvzguqezcsipujlk4nogbcafjd1nxosdi"; http_uri; depth:305; isdataat:!1,relative; nocase; content:"booking.exsrtra-cancellesd.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429711/; classtype:trojan-activity;sid:84292811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429709)"; flow:established,from_client; content:"GET"; http_method; content:"/ayzlyvf2avile7uv"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"antiquebotv3.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429709/; classtype:trojan-activity;sid:84292809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429710)"; flow:established,from_client; content:"GET"; http_method; content:"/as06"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"neodoctopress.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429710/; classtype:trojan-activity;sid:84292810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.53.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429708/; classtype:trojan-activity;sid:84292808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.122.255.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429707/; classtype:trojan-activity;sid:84292807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429706)"; flow:established,from_client; content:"GET"; http_method; content:"/i53tn"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"paste.rs"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429706/; classtype:trojan-activity;sid:84292806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.144.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429705/; classtype:trojan-activity;sid:84292805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429704)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkarm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429704/; classtype:trojan-activity;sid:84292804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429696)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkarm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429696/; classtype:trojan-activity;sid:84292796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429697)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkx86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429697/; classtype:trojan-activity;sid:84292797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429698)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkarm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429698/; classtype:trojan-activity;sid:84292798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429699)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkarm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429699/; classtype:trojan-activity;sid:84292799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429700)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429700/; classtype:trojan-activity;sid:84292800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429701)"; flow:established,from_client; content:"GET"; http_method; content:"/nshksh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429701/; classtype:trojan-activity;sid:84292801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429702)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkmpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429702/; classtype:trojan-activity;sid:84292802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429703)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkmips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429703/; classtype:trojan-activity;sid:84292803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429695)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkarm4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429695/; classtype:trojan-activity;sid:84292795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429690)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/anarchy.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"181.214.58.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429690/; classtype:trojan-activity;sid:84292790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429691)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/anarchy.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"181.214.58.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429691/; classtype:trojan-activity;sid:84292791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429692)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/anarchy.arm4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"181.214.58.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429692/; classtype:trojan-activity;sid:84292792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429693)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/anarchy.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"181.214.58.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429693/; classtype:trojan-activity;sid:84292793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429694)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/anarchy.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"181.214.58.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429694/; classtype:trojan-activity;sid:84292794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.20.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429689/; classtype:trojan-activity;sid:84292789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.19.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429688/; classtype:trojan-activity;sid:84292788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.54.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429687/; classtype:trojan-activity;sid:84292787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.156.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429686/; classtype:trojan-activity;sid:84292786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.158.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429685/; classtype:trojan-activity;sid:84292785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.75.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429684/; classtype:trojan-activity;sid:84292784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.197.140.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429683/; classtype:trojan-activity;sid:84292783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.235.177.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429682/; classtype:trojan-activity;sid:84292782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429681)"; flow:established,from_client; content:"GET"; http_method; content:"/bot-16"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.pumpsup.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429681/; classtype:trojan-activity;sid:84292781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429679/; classtype:trojan-activity;sid:84292779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.74.98.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429680/; classtype:trojan-activity;sid:84292780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.251.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429678/; classtype:trojan-activity;sid:84292778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.64.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429677/; classtype:trojan-activity;sid:84292777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.35.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429676/; classtype:trojan-activity;sid:84292776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.112.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429675/; classtype:trojan-activity;sid:84292775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.142.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429674/; classtype:trojan-activity;sid:84292774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.87.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429672/; classtype:trojan-activity;sid:84292772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.201.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429673/; classtype:trojan-activity;sid:84292773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.11.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429671/; classtype:trojan-activity;sid:84292771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.231.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429670/; classtype:trojan-activity;sid:84292770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.172.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429669/; classtype:trojan-activity;sid:84292769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.229.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429668/; classtype:trojan-activity;sid:84292768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.176.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429667/; classtype:trojan-activity;sid:84292767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.3.27.240"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429666/; classtype:trojan-activity;sid:84292766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.59.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429665/; classtype:trojan-activity;sid:84292765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.120.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429664/; classtype:trojan-activity;sid:84292764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.251.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429663/; classtype:trojan-activity;sid:84292763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.253.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429662/; classtype:trojan-activity;sid:84292762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429661/; classtype:trojan-activity;sid:84292761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.199.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429660/; classtype:trojan-activity;sid:84292760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429659)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.2.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429659/; classtype:trojan-activity;sid:84292759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.0.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429658/; classtype:trojan-activity;sid:84292758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429657)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.115.176.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429657/; classtype:trojan-activity;sid:84292757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.13.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429656/; classtype:trojan-activity;sid:84292756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429655)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429655/; classtype:trojan-activity;sid:84292755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429654)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.103.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429654/; classtype:trojan-activity;sid:84292754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429652/; classtype:trojan-activity;sid:84292752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.166.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429653/; classtype:trojan-activity;sid:84292753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.130.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429651/; classtype:trojan-activity;sid:84292751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.44.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429650/; classtype:trojan-activity;sid:84292750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.2.189"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429649/; classtype:trojan-activity;sid:84292749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.48.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429648/; classtype:trojan-activity;sid:84292748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.201.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429647/; classtype:trojan-activity;sid:84292747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.120.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429646/; classtype:trojan-activity;sid:84292746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.242.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429645/; classtype:trojan-activity;sid:84292745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.99.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429644/; classtype:trojan-activity;sid:84292744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.79.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429642/; classtype:trojan-activity;sid:84292742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.246.37.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429643/; classtype:trojan-activity;sid:84292743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.231.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429641/; classtype:trojan-activity;sid:84292741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.167.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429640/; classtype:trojan-activity;sid:84292740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.59.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429639/; classtype:trojan-activity;sid:84292739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.205.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429636/; classtype:trojan-activity;sid:84292736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.229.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429637/; classtype:trojan-activity;sid:84292737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.3.27.240"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429638/; classtype:trojan-activity;sid:84292738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429635/; classtype:trojan-activity;sid:84292735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.99.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429634/; classtype:trojan-activity;sid:84292734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.164.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429633/; classtype:trojan-activity;sid:84292733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.79.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429632/; classtype:trojan-activity;sid:84292732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429631/; classtype:trojan-activity;sid:84292731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.100.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429630/; classtype:trojan-activity;sid:84292730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.130.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429629/; classtype:trojan-activity;sid:84292729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429628)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.65.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429628/; classtype:trojan-activity;sid:84292728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.198.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429627/; classtype:trojan-activity;sid:84292727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.0.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429626/; classtype:trojan-activity;sid:84292726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.57.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429625/; classtype:trojan-activity;sid:84292725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.190.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429624/; classtype:trojan-activity;sid:84292724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.78.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429622/; classtype:trojan-activity;sid:84292722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.87.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429623/; classtype:trojan-activity;sid:84292723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.167.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429621/; classtype:trojan-activity;sid:84292721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.121.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429620/; classtype:trojan-activity;sid:84292720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.209.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429618/; classtype:trojan-activity;sid:84292718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.51.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429619/; classtype:trojan-activity;sid:84292719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.205.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429617/; classtype:trojan-activity;sid:84292717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.11.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429616/; classtype:trojan-activity;sid:84292716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.63.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429615/; classtype:trojan-activity;sid:84292715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.248.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429614/; classtype:trojan-activity;sid:84292714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.82.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429613/; classtype:trojan-activity;sid:84292713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.164.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429612/; classtype:trojan-activity;sid:84292712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.175.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429611/; classtype:trojan-activity;sid:84292711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.57.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429609/; classtype:trojan-activity;sid:84292709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.33.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429610/; classtype:trojan-activity;sid:84292710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.234.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429607/; classtype:trojan-activity;sid:84292707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.106.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429608/; classtype:trojan-activity;sid:84292708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.49.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429606/; classtype:trojan-activity;sid:84292706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.12.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429605/; classtype:trojan-activity;sid:84292705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.151.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429604/; classtype:trojan-activity;sid:84292704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.78.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429603/; classtype:trojan-activity;sid:84292703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.11.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429602/; classtype:trojan-activity;sid:84292702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.51.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429601/; classtype:trojan-activity;sid:84292701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.248.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429600/; classtype:trojan-activity;sid:84292700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.11.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429599/; classtype:trojan-activity;sid:84292699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.149.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429598/; classtype:trojan-activity;sid:84292698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429597/; classtype:trojan-activity;sid:84292697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.33.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429596/; classtype:trojan-activity;sid:84292696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.137.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429595/; classtype:trojan-activity;sid:84292695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.1.167"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429594/; classtype:trojan-activity;sid:84292694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.213.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429593/; classtype:trojan-activity;sid:84292693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.42.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429592/; classtype:trojan-activity;sid:84292692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.232.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429591/; classtype:trojan-activity;sid:84292691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.132.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429590/; classtype:trojan-activity;sid:84292690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.149.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429588/; classtype:trojan-activity;sid:84292688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.153.201.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429589/; classtype:trojan-activity;sid:84292689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.26.13"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429587/; classtype:trojan-activity;sid:84292687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.49.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429586/; classtype:trojan-activity;sid:84292686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.1.167"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429585/; classtype:trojan-activity;sid:84292685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.198.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429584/; classtype:trojan-activity;sid:84292684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.41.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429583/; classtype:trojan-activity;sid:84292683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.11.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429582/; classtype:trojan-activity;sid:84292682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.168.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429581/; classtype:trojan-activity;sid:84292681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.173.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429580/; classtype:trojan-activity;sid:84292680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.30.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429579/; classtype:trojan-activity;sid:84292679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429578/; classtype:trojan-activity;sid:84292678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.27.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429577/; classtype:trojan-activity;sid:84292677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.114.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429576/; classtype:trojan-activity;sid:84292676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.120.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429575/; classtype:trojan-activity;sid:84292675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.80.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429574/; classtype:trojan-activity;sid:84292674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.198.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429573/; classtype:trojan-activity;sid:84292673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.35.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429572/; classtype:trojan-activity;sid:84292672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.132.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429571/; classtype:trojan-activity;sid:84292671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429568)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"144.172.73.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429568/; classtype:trojan-activity;sid:84292668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429569)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.172.73.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429569/; classtype:trojan-activity;sid:84292669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429570)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.172.73.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429570/; classtype:trojan-activity;sid:84292670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429558)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"144.172.73.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429558/; classtype:trojan-activity;sid:84292658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429559)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"144.172.73.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429559/; classtype:trojan-activity;sid:84292659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429560)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"144.172.73.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429560/; classtype:trojan-activity;sid:84292660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429561)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.172.73.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429561/; classtype:trojan-activity;sid:84292661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429562)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"144.172.73.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429562/; classtype:trojan-activity;sid:84292662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429563)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.172.73.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429563/; classtype:trojan-activity;sid:84292663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429564)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.172.73.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429564/; classtype:trojan-activity;sid:84292664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429565)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.172.73.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429565/; classtype:trojan-activity;sid:84292665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429566)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"144.172.73.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429566/; classtype:trojan-activity;sid:84292666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429567)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.172.73.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429567/; classtype:trojan-activity;sid:84292667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.173.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429557/; classtype:trojan-activity;sid:84292657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.153.201.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429556/; classtype:trojan-activity;sid:84292656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.139.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429555/; classtype:trojan-activity;sid:84292655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.30.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429554/; classtype:trojan-activity;sid:84292654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.187.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429553/; classtype:trojan-activity;sid:84292653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.53.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429552/; classtype:trojan-activity;sid:84292652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.196.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429551/; classtype:trojan-activity;sid:84292651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.42.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429550/; classtype:trojan-activity;sid:84292650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.11.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429549/; classtype:trojan-activity;sid:84292649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429548)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.87.105.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429548/; classtype:trojan-activity;sid:84292648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.90.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429547/; classtype:trojan-activity;sid:84292647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.27.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429546/; classtype:trojan-activity;sid:84292646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.116.65.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429545/; classtype:trojan-activity;sid:84292645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.237.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429544/; classtype:trojan-activity;sid:84292644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.183.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429543/; classtype:trojan-activity;sid:84292643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.185.9.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429542/; classtype:trojan-activity;sid:84292642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.19.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429541/; classtype:trojan-activity;sid:84292641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429540/; classtype:trojan-activity;sid:84292640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.9.99"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429539/; classtype:trojan-activity;sid:84292639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429538)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.151.4.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429538/; classtype:trojan-activity;sid:84292638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.26.13"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429537/; classtype:trojan-activity;sid:84292637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.132.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429536/; classtype:trojan-activity;sid:84292636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.139.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429535/; classtype:trojan-activity;sid:84292635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.208.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429533/; classtype:trojan-activity;sid:84292633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.11.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429534/; classtype:trojan-activity;sid:84292634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.10.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429532/; classtype:trojan-activity;sid:84292632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.249.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429531/; classtype:trojan-activity;sid:84292631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.87.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429530/; classtype:trojan-activity;sid:84292630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.32.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429529/; classtype:trojan-activity;sid:84292629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.183.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429528/; classtype:trojan-activity;sid:84292628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.56.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429527/; classtype:trojan-activity;sid:84292627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.19.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429526/; classtype:trojan-activity;sid:84292626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.222.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429525/; classtype:trojan-activity;sid:84292625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429521)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429521/; classtype:trojan-activity;sid:84292621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.84.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429522/; classtype:trojan-activity;sid:84292622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429523/; classtype:trojan-activity;sid:84292623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429524)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.51.55.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429524/; classtype:trojan-activity;sid:84292624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429520)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.185.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429520/; classtype:trojan-activity;sid:84292620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429519/; classtype:trojan-activity;sid:84292619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429518)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429518/; classtype:trojan-activity;sid:84292618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429517)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.172.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429517/; classtype:trojan-activity;sid:84292617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429516)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429516/; classtype:trojan-activity;sid:84292616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429515)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.165.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429515/; classtype:trojan-activity;sid:84292615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429514)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.64.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429514/; classtype:trojan-activity;sid:84292614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.105.59.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429513/; classtype:trojan-activity;sid:84292613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.10.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429512/; classtype:trojan-activity;sid:84292612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.203.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429510/; classtype:trojan-activity;sid:84292610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429511/; classtype:trojan-activity;sid:84292611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.53.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429509/; classtype:trojan-activity;sid:84292609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.54.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429508/; classtype:trojan-activity;sid:84292608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.249.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429507/; classtype:trojan-activity;sid:84292607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429506/; classtype:trojan-activity;sid:84292606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.45.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429505/; classtype:trojan-activity;sid:84292605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.135.17.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429504/; classtype:trojan-activity;sid:84292604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.116.122.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429503/; classtype:trojan-activity;sid:84292603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.56.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429502/; classtype:trojan-activity;sid:84292602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.103.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429501/; classtype:trojan-activity;sid:84292601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.45.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429500/; classtype:trojan-activity;sid:84292600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.244.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429499/; classtype:trojan-activity;sid:84292599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.133.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429497/; classtype:trojan-activity;sid:84292597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.49.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429498/; classtype:trojan-activity;sid:84292598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.101.182.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429496/; classtype:trojan-activity;sid:84292596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.69.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429495/; classtype:trojan-activity;sid:84292595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.43.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429494/; classtype:trojan-activity;sid:84292594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.116.122.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429493/; classtype:trojan-activity;sid:84292593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.93.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429492/; classtype:trojan-activity;sid:84292592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.103.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429491/; classtype:trojan-activity;sid:84292591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.158.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429490/; classtype:trojan-activity;sid:84292590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.30.112.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429489/; classtype:trojan-activity;sid:84292589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.215.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429488/; classtype:trojan-activity;sid:84292588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.69.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429487/; classtype:trojan-activity;sid:84292587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.101.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429486/; classtype:trojan-activity;sid:84292586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.66.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429485/; classtype:trojan-activity;sid:84292585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.94.142.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429484/; classtype:trojan-activity;sid:84292584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.109.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429482/; classtype:trojan-activity;sid:84292582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.49.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429483/; classtype:trojan-activity;sid:84292583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.192.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429480/; classtype:trojan-activity;sid:84292580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.36.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429481/; classtype:trojan-activity;sid:84292581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.246.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429478/; classtype:trojan-activity;sid:84292578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.22.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429479/; classtype:trojan-activity;sid:84292579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.103.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429477/; classtype:trojan-activity;sid:84292577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.174.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429476/; classtype:trojan-activity;sid:84292576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.60.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429475/; classtype:trojan-activity;sid:84292575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.217.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429474/; classtype:trojan-activity;sid:84292574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.43.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429473/; classtype:trojan-activity;sid:84292573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.33.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429472/; classtype:trojan-activity;sid:84292572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.2.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429471/; classtype:trojan-activity;sid:84292571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429470)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.10.248"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429470/; classtype:trojan-activity;sid:84292570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429469)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.233.237.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429469/; classtype:trojan-activity;sid:84292569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.116.65.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429468/; classtype:trojan-activity;sid:84292568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429467)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.233.237.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429467/; classtype:trojan-activity;sid:84292567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.204.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429466/; classtype:trojan-activity;sid:84292566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.62.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429465/; classtype:trojan-activity;sid:84292565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.51.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429464/; classtype:trojan-activity;sid:84292564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429463)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.216.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429463/; classtype:trojan-activity;sid:84292563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429462)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.205.179.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429462/; classtype:trojan-activity;sid:84292562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.94.142.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429461/; classtype:trojan-activity;sid:84292561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.32.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429460/; classtype:trojan-activity;sid:84292560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.215.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429459/; classtype:trojan-activity;sid:84292559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.51.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429458/; classtype:trojan-activity;sid:84292558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.150.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429457/; classtype:trojan-activity;sid:84292557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.60.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429456/; classtype:trojan-activity;sid:84292556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.103.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429455/; classtype:trojan-activity;sid:84292555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.33.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429454/; classtype:trojan-activity;sid:84292554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.30.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429453/; classtype:trojan-activity;sid:84292553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429452)"; flow:established,from_client; content:"GET"; http_method; content:"/boot/setupxe.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"data03.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429452/; classtype:trojan-activity;sid:84292552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.204.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429450/; classtype:trojan-activity;sid:84292550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429451)"; flow:established,from_client; content:"GET"; http_method; content:"/boot/setupxe.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"31.192.232.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429451/; classtype:trojan-activity;sid:84292551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429448)"; flow:established,from_client; content:"GET"; http_method; content:"/document-022025-110337.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"31.192.232.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429448/; classtype:trojan-activity;sid:84292548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429449)"; flow:established,from_client; content:"GET"; http_method; content:"/document-022025-110337.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"data03.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429449/; classtype:trojan-activity;sid:84292549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.32.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429447/; classtype:trojan-activity;sid:84292547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.255.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429446/; classtype:trojan-activity;sid:84292546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429445)"; flow:established,from_client; content:"GET"; http_method; content:"/fils/setupse.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"secureviewmode.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429445/; classtype:trojan-activity;sid:84292545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429444)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/form%20i-25.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"secureviewmode.cloud"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429444/; classtype:trojan-activity;sid:84292544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429443)"; flow:established,from_client; content:"GET"; http_method; content:"/fils/setupse.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"94.156.189.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429443/; classtype:trojan-activity;sid:84292543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429440)"; flow:established,from_client; content:"GET"; http_method; content:"/fils/setupse.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"secureviewmode.cloud"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429440/; classtype:trojan-activity;sid:84292540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429441)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/form%20i-25.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"94.156.189.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429441/; classtype:trojan-activity;sid:84292541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429442)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/form%20i-25.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"secureviewmode.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429442/; classtype:trojan-activity;sid:84292542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.208.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429439/; classtype:trojan-activity;sid:84292539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429438)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.171.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429438/; classtype:trojan-activity;sid:84292538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429437)"; flow:established,from_client; content:"GET"; http_method; content:"/fils/out.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"payber.store"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429437/; classtype:trojan-activity;sid:84292537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429436)"; flow:established,from_client; content:"GET"; http_method; content:"/fils/out.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.92.136.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429436/; classtype:trojan-activity;sid:84292536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429435)"; flow:established,from_client; content:"GET"; http_method; content:"/fils/out.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"payber.store"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429435/; classtype:trojan-activity;sid:84292535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429434)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/document.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"payber.store"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429434/; classtype:trojan-activity;sid:84292534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429432)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/document.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.92.136.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429432/; classtype:trojan-activity;sid:84292532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429433)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/document.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"payber.store"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429433/; classtype:trojan-activity;sid:84292533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.150.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429431/; classtype:trojan-activity;sid:84292531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.63.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429430/; classtype:trojan-activity;sid:84292530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.15.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429429/; classtype:trojan-activity;sid:84292529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.142.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429428/; classtype:trojan-activity;sid:84292528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.219.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429426/; classtype:trojan-activity;sid:84292526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.30.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429427/; classtype:trojan-activity;sid:84292527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429425/; classtype:trojan-activity;sid:84292525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.55.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429424/; classtype:trojan-activity;sid:84292524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.224.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429423/; classtype:trojan-activity;sid:84292523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.215.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429422/; classtype:trojan-activity;sid:84292522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.142.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429421/; classtype:trojan-activity;sid:84292521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.255.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429420/; classtype:trojan-activity;sid:84292520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.87.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429419/; classtype:trojan-activity;sid:84292519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.174.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429418/; classtype:trojan-activity;sid:84292518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.213.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429417/; classtype:trojan-activity;sid:84292517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.42.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429416/; classtype:trojan-activity;sid:84292516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.15.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429415/; classtype:trojan-activity;sid:84292515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.73.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429413/; classtype:trojan-activity;sid:84292513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.208.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429414/; classtype:trojan-activity;sid:84292514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.194.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429412/; classtype:trojan-activity;sid:84292512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.54.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429411/; classtype:trojan-activity;sid:84292511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.169.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429410/; classtype:trojan-activity;sid:84292510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.135.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429409/; classtype:trojan-activity;sid:84292509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429408)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.62.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429408/; classtype:trojan-activity;sid:84292508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429407)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.144.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429407/; classtype:trojan-activity;sid:84292507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429404)"; flow:established,from_client; content:"GET"; http_method; content:"/earm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429404/; classtype:trojan-activity;sid:84292504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429405)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/emips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429405/; classtype:trojan-activity;sid:84292505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429406)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/earm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429406/; classtype:trojan-activity;sid:84292506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429402)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429402/; classtype:trojan-activity;sid:84292502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429403)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/earm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429403/; classtype:trojan-activity;sid:84292503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429401)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/emips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429401/; classtype:trojan-activity;sid:84292501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429398)"; flow:established,from_client; content:"GET"; http_method; content:"/earm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429398/; classtype:trojan-activity;sid:84292498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429399)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429399/; classtype:trojan-activity;sid:84292499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429400)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/ex86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429400/; classtype:trojan-activity;sid:84292500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429390)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/empsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429390/; classtype:trojan-activity;sid:84292490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429391)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/empsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429391/; classtype:trojan-activity;sid:84292491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429392)"; flow:established,from_client; content:"GET"; http_method; content:"/ex86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429392/; classtype:trojan-activity;sid:84292492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429393)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/earm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429393/; classtype:trojan-activity;sid:84292493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429394)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429394/; classtype:trojan-activity;sid:84292494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429395)"; flow:established,from_client; content:"GET"; http_method; content:"/earm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429395/; classtype:trojan-activity;sid:84292495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429396)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429396/; classtype:trojan-activity;sid:84292496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429397)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429397/; classtype:trojan-activity;sid:84292497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429386)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/earm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429386/; classtype:trojan-activity;sid:84292486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429387)"; flow:established,from_client; content:"GET"; http_method; content:"/emips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429387/; classtype:trojan-activity;sid:84292487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429388)"; flow:established,from_client; content:"GET"; http_method; content:"/earm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429388/; classtype:trojan-activity;sid:84292488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429389)"; flow:established,from_client; content:"GET"; http_method; content:"/dvrlocker"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429389/; classtype:trojan-activity;sid:84292489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429384)"; flow:established,from_client; content:"GET"; http_method; content:"/empsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429384/; classtype:trojan-activity;sid:84292484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429385)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/ex86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429385/; classtype:trojan-activity;sid:84292485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.176.101.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429383/; classtype:trojan-activity;sid:84292483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.120.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429382/; classtype:trojan-activity;sid:84292482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.145.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429381/; classtype:trojan-activity;sid:84292481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429380)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.192.179.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429380/; classtype:trojan-activity;sid:84292480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429376)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.192.179.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429376/; classtype:trojan-activity;sid:84292476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429377)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.192.179.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429377/; classtype:trojan-activity;sid:84292477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429378)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.192.179.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429378/; classtype:trojan-activity;sid:84292478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429379)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.192.179.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429379/; classtype:trojan-activity;sid:84292479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429374)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.192.179.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429374/; classtype:trojan-activity;sid:84292474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429375)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.192.179.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429375/; classtype:trojan-activity;sid:84292475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429372)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.192.179.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429372/; classtype:trojan-activity;sid:84292472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429373)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.192.179.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429373/; classtype:trojan-activity;sid:84292473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429371)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.192.179.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429371/; classtype:trojan-activity;sid:84292471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429369)"; flow:established,from_client; content:"GET"; http_method; content:"/wcsnmbcnm.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.192.179.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429369/; classtype:trojan-activity;sid:84292469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.208.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429370/; classtype:trojan-activity;sid:84292470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429368)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.87.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429368/; classtype:trojan-activity;sid:84292468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.22.160.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429364/; classtype:trojan-activity;sid:84292464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429365)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.85.37.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429365/; classtype:trojan-activity;sid:84292465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.36.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429366/; classtype:trojan-activity;sid:84292466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.175.180.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429367/; classtype:trojan-activity;sid:84292467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429361)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429361/; classtype:trojan-activity;sid:84292461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.79.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429362/; classtype:trojan-activity;sid:84292462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.89.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429363/; classtype:trojan-activity;sid:84292463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429360)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.153.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429360/; classtype:trojan-activity;sid:84292460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429359)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429359/; classtype:trojan-activity;sid:84292459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.19.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429358/; classtype:trojan-activity;sid:84292458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429357)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.225.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429357/; classtype:trojan-activity;sid:84292457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429356)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.38.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429356/; classtype:trojan-activity;sid:84292456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429354)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.14.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429354/; classtype:trojan-activity;sid:84292454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429355)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.165.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429355/; classtype:trojan-activity;sid:84292455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.159.54.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429353/; classtype:trojan-activity;sid:84292453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429351)"; flow:established,from_client; content:"GET"; http_method; content:"/nevaeva/ha"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.142.53.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429351/; classtype:trojan-activity;sid:84292451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429352)"; flow:established,from_client; content:"GET"; http_method; content:"/nevaeva/gfds"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.142.53.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429352/; classtype:trojan-activity;sid:84292452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429349)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429349/; classtype:trojan-activity;sid:84292449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429350)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429350/; classtype:trojan-activity;sid:84292450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429341)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429341/; classtype:trojan-activity;sid:84292441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429342)"; flow:established,from_client; content:"GET"; http_method; content:"/umips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429342/; classtype:trojan-activity;sid:84292442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429343)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429343/; classtype:trojan-activity;sid:84292443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429344)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429344/; classtype:trojan-activity;sid:84292444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429345)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429345/; classtype:trojan-activity;sid:84292445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429346)"; flow:established,from_client; content:"GET"; http_method; content:"/umpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429346/; classtype:trojan-activity;sid:84292446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429347)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429347/; classtype:trojan-activity;sid:84292447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429348)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429348/; classtype:trojan-activity;sid:84292448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.31.215"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429339/; classtype:trojan-activity;sid:84292439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.48.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429340/; classtype:trojan-activity;sid:84292440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.130.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429337/; classtype:trojan-activity;sid:84292437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.194.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429338/; classtype:trojan-activity;sid:84292438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.63.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429326/; classtype:trojan-activity;sid:84292426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429327)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.34.214.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429327/; classtype:trojan-activity;sid:84292427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429328)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.34.214.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429328/; classtype:trojan-activity;sid:84292428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429329)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"5.34.214.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429329/; classtype:trojan-activity;sid:84292429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429330)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.34.214.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429330/; classtype:trojan-activity;sid:84292430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429331)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.34.214.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429331/; classtype:trojan-activity;sid:84292431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429332)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.34.214.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429332/; classtype:trojan-activity;sid:84292432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429333)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.34.214.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429333/; classtype:trojan-activity;sid:84292433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429334)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.34.214.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429334/; classtype:trojan-activity;sid:84292434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429335)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.34.214.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429335/; classtype:trojan-activity;sid:84292435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429336)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.34.214.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429336/; classtype:trojan-activity;sid:84292436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.157.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429325/; classtype:trojan-activity;sid:84292425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.145.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429324/; classtype:trojan-activity;sid:84292424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.176.223.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429322/; classtype:trojan-activity;sid:84292422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429323)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.40.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429323/; classtype:trojan-activity;sid:84292423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429320)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.40.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429320/; classtype:trojan-activity;sid:84292420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429321)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.141.40.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429321/; classtype:trojan-activity;sid:84292421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"161.248.55.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429319/; classtype:trojan-activity;sid:84292419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.176.101.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429318/; classtype:trojan-activity;sid:84292418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.80.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429317/; classtype:trojan-activity;sid:84292417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"134.255.119.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429316/; classtype:trojan-activity;sid:84292416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.39.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429314/; classtype:trojan-activity;sid:84292414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.235.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429315/; classtype:trojan-activity;sid:84292415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.160.234.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429312/; classtype:trojan-activity;sid:84292412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.77.149.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429313/; classtype:trojan-activity;sid:84292413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"96.18.93.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429304/; classtype:trojan-activity;sid:84292404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.238.195.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429305/; classtype:trojan-activity;sid:84292405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.136.93.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429306/; classtype:trojan-activity;sid:84292406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.67.107.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429307/; classtype:trojan-activity;sid:84292407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.53.26.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429308/; classtype:trojan-activity;sid:84292408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.130.246.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429309/; classtype:trojan-activity;sid:84292409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.79.119.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429310/; classtype:trojan-activity;sid:84292410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.159.221.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429311/; classtype:trojan-activity;sid:84292411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.82.78.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429298/; classtype:trojan-activity;sid:84292398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.15.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429299/; classtype:trojan-activity;sid:84292399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.110.68.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429300/; classtype:trojan-activity;sid:84292400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.221.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429301/; classtype:trojan-activity;sid:84292401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.231.114.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429302/; classtype:trojan-activity;sid:84292402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.227.54.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429303/; classtype:trojan-activity;sid:84292403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.18.201.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429294/; classtype:trojan-activity;sid:84292394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.44.65.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429295/; classtype:trojan-activity;sid:84292395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.9.41.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429296/; classtype:trojan-activity;sid:84292396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.236.89.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429297/; classtype:trojan-activity;sid:84292397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429292)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.44.153.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429292/; classtype:trojan-activity;sid:84292392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429293)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.19.195.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429293/; classtype:trojan-activity;sid:84292393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429290)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.143.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429290/; classtype:trojan-activity;sid:84292390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429291)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.200.176.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429291/; classtype:trojan-activity;sid:84292391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429289)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.73.168.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429289/; classtype:trojan-activity;sid:84292389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429287)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.14.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429287/; classtype:trojan-activity;sid:84292387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429288)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.14.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429288/; classtype:trojan-activity;sid:84292388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429285)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.182.152.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429285/; classtype:trojan-activity;sid:84292385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429286)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"171.231.16.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429286/; classtype:trojan-activity;sid:84292386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429282)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.127.239.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429282/; classtype:trojan-activity;sid:84292382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429283)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.94.125.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429283/; classtype:trojan-activity;sid:84292383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429284)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.233.68.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429284/; classtype:trojan-activity;sid:84292384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429274)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.40.101.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429274/; classtype:trojan-activity;sid:84292374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429275)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.40.119.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429275/; classtype:trojan-activity;sid:84292375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429276)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.61.30.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429276/; classtype:trojan-activity;sid:84292376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429277)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.182.88.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429277/; classtype:trojan-activity;sid:84292377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429278)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.89.238.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429278/; classtype:trojan-activity;sid:84292378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429279)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.187.229.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429279/; classtype:trojan-activity;sid:84292379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429280)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.72.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429280/; classtype:trojan-activity;sid:84292380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429281)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.25.206.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429281/; classtype:trojan-activity;sid:84292381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429273)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.253.110.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429273/; classtype:trojan-activity;sid:84292373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.41.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429272/; classtype:trojan-activity;sid:84292372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.31.215"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429271/; classtype:trojan-activity;sid:84292371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.93.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429268/; classtype:trojan-activity;sid:84292368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.144.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429269/; classtype:trojan-activity;sid:84292369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.132.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429270/; classtype:trojan-activity;sid:84292370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429267)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429267/; classtype:trojan-activity;sid:84292367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429265)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429265/; classtype:trojan-activity;sid:84292365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429266)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429266/; classtype:trojan-activity;sid:84292366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429264)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429264/; classtype:trojan-activity;sid:84292364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429263)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429263/; classtype:trojan-activity;sid:84292363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429255)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429255/; classtype:trojan-activity;sid:84292355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429256)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429256/; classtype:trojan-activity;sid:84292356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429257)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429257/; classtype:trojan-activity;sid:84292357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429258)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429258/; classtype:trojan-activity;sid:84292358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429259)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429259/; classtype:trojan-activity;sid:84292359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429260)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429260/; classtype:trojan-activity;sid:84292360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429261)"; flow:established,from_client; content:"GET"; http_method; content:"/mass.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429261/; classtype:trojan-activity;sid:84292361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429262)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429262/; classtype:trojan-activity;sid:84292362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429248)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429248/; classtype:trojan-activity;sid:84292348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429249)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429249/; classtype:trojan-activity;sid:84292349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429250)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429250/; classtype:trojan-activity;sid:84292350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429251)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429251/; classtype:trojan-activity;sid:84292351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429252)"; flow:established,from_client; content:"GET"; http_method; content:"/create.py"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429252/; classtype:trojan-activity;sid:84292352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429253)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429253/; classtype:trojan-activity;sid:84292353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.185.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429254/; classtype:trojan-activity;sid:84292354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429221)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429221/; classtype:trojan-activity;sid:84292321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429222)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429222/; classtype:trojan-activity;sid:84292322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429223)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429223/; classtype:trojan-activity;sid:84292323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429224)"; flow:established,from_client; content:"GET"; http_method; content:"/hmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429224/; classtype:trojan-activity;sid:84292324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429225)"; flow:established,from_client; content:"GET"; http_method; content:"/nshsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429225/; classtype:trojan-activity;sid:84292325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429226)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429226/; classtype:trojan-activity;sid:84292326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429227)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429227/; classtype:trojan-activity;sid:84292327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429228)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429228/; classtype:trojan-activity;sid:84292328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429229)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429229/; classtype:trojan-activity;sid:84292329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429230)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429230/; classtype:trojan-activity;sid:84292330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429231)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429231/; classtype:trojan-activity;sid:84292331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429232)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429232/; classtype:trojan-activity;sid:84292332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429233)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429233/; classtype:trojan-activity;sid:84292333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429234)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429234/; classtype:trojan-activity;sid:84292334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429235)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429235/; classtype:trojan-activity;sid:84292335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429236)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429236/; classtype:trojan-activity;sid:84292336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429237)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429237/; classtype:trojan-activity;sid:84292337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429238)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429238/; classtype:trojan-activity;sid:84292338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429239)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429239/; classtype:trojan-activity;sid:84292339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429240)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429240/; classtype:trojan-activity;sid:84292340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429241)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429241/; classtype:trojan-activity;sid:84292341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429242)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429242/; classtype:trojan-activity;sid:84292342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429243)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429243/; classtype:trojan-activity;sid:84292343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429244)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429244/; classtype:trojan-activity;sid:84292344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429245)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429245/; classtype:trojan-activity;sid:84292345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429246)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429246/; classtype:trojan-activity;sid:84292346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429247)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429247/; classtype:trojan-activity;sid:84292347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429219)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429219/; classtype:trojan-activity;sid:84292319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429220)"; flow:established,from_client; content:"GET"; http_method; content:"/nshppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429220/; classtype:trojan-activity;sid:84292320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429211)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429211/; classtype:trojan-activity;sid:84292311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429212)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429212/; classtype:trojan-activity;sid:84292312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429213)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429213/; classtype:trojan-activity;sid:84292313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429214)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429214/; classtype:trojan-activity;sid:84292314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429215)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429215/; classtype:trojan-activity;sid:84292315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429216)"; flow:established,from_client; content:"GET"; http_method; content:"/gmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429216/; classtype:trojan-activity;sid:84292316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429217)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429217/; classtype:trojan-activity;sid:84292317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.22.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429218/; classtype:trojan-activity;sid:84292318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.63.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429210/; classtype:trojan-activity;sid:84292310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.138.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429209/; classtype:trojan-activity;sid:84292309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.15.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429208/; classtype:trojan-activity;sid:84292308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.230.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429206/; classtype:trojan-activity;sid:84292306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.203.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429207/; classtype:trojan-activity;sid:84292307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429205)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429205/; classtype:trojan-activity;sid:84292305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.93.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429204/; classtype:trojan-activity;sid:84292304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.126.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429202/; classtype:trojan-activity;sid:84292302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.18.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429203/; classtype:trojan-activity;sid:84292303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.92.58.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429201/; classtype:trojan-activity;sid:84292301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.22.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429200/; classtype:trojan-activity;sid:84292300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.244.91.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429199/; classtype:trojan-activity;sid:84292299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.107.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429198/; classtype:trojan-activity;sid:84292298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429197/; classtype:trojan-activity;sid:84292297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.68.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429196/; classtype:trojan-activity;sid:84292296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.234.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429195/; classtype:trojan-activity;sid:84292295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429194/; classtype:trojan-activity;sid:84292294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.27.143"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429193/; classtype:trojan-activity;sid:84292293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.229.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429192/; classtype:trojan-activity;sid:84292292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.18.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429191/; classtype:trojan-activity;sid:84292291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.139.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429190/; classtype:trojan-activity;sid:84292290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.48.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429189/; classtype:trojan-activity;sid:84292289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.163.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429188/; classtype:trojan-activity;sid:84292288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.185.9.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429187/; classtype:trojan-activity;sid:84292287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.35.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429186/; classtype:trojan-activity;sid:84292286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429185)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.91.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429185/; classtype:trojan-activity;sid:84292285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.27.143"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429184/; classtype:trojan-activity;sid:84292284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.47.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429183/; classtype:trojan-activity;sid:84292283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.213.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429182/; classtype:trojan-activity;sid:84292282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.244.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429181/; classtype:trojan-activity;sid:84292281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"199.16.59.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429179/; classtype:trojan-activity;sid:84292279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.14.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429180/; classtype:trojan-activity;sid:84292280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.81.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429178/; classtype:trojan-activity;sid:84292278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.211.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429176/; classtype:trojan-activity;sid:84292276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.15.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429177/; classtype:trojan-activity;sid:84292277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.244.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429175/; classtype:trojan-activity;sid:84292275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.126.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429174/; classtype:trojan-activity;sid:84292274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.47.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429173/; classtype:trojan-activity;sid:84292273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.141.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429172/; classtype:trojan-activity;sid:84292272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.209.72.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429171/; classtype:trojan-activity;sid:84292271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.137.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429169/; classtype:trojan-activity;sid:84292269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.82.183.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429170/; classtype:trojan-activity;sid:84292270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.174.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429168/; classtype:trojan-activity;sid:84292268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.224.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429167/; classtype:trojan-activity;sid:84292267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.98.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429166/; classtype:trojan-activity;sid:84292266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.229.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429165/; classtype:trojan-activity;sid:84292265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.81.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429164/; classtype:trojan-activity;sid:84292264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.211.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429163/; classtype:trojan-activity;sid:84292263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.15.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429162/; classtype:trojan-activity;sid:84292262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.43.120.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429160/; classtype:trojan-activity;sid:84292260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.96.64.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429161/; classtype:trojan-activity;sid:84292261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429157)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.18.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429157/; classtype:trojan-activity;sid:84292257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.74.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429158/; classtype:trojan-activity;sid:84292258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.139.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429159/; classtype:trojan-activity;sid:84292259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.22.123"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429156/; classtype:trojan-activity;sid:84292256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.108.151.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429155/; classtype:trojan-activity;sid:84292255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.183.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429154/; classtype:trojan-activity;sid:84292254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429153)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.218.147.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429153/; classtype:trojan-activity;sid:84292253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.83.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429151/; classtype:trojan-activity;sid:84292251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.141.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429152/; classtype:trojan-activity;sid:84292252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"199.16.59.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429150/; classtype:trojan-activity;sid:84292250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.98.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429149/; classtype:trojan-activity;sid:84292249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.25.233.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429148/; classtype:trojan-activity;sid:84292248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.80.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429147/; classtype:trojan-activity;sid:84292247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.229.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429146/; classtype:trojan-activity;sid:84292246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.62.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429145/; classtype:trojan-activity;sid:84292245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.35.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429144/; classtype:trojan-activity;sid:84292244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.60.248.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429143/; classtype:trojan-activity;sid:84292243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.151.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429142/; classtype:trojan-activity;sid:84292242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.250.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429141/; classtype:trojan-activity;sid:84292241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.59.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429140/; classtype:trojan-activity;sid:84292240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.140.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429139/; classtype:trojan-activity;sid:84292239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.74.98.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429138/; classtype:trojan-activity;sid:84292238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429137)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.246.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429137/; classtype:trojan-activity;sid:84292237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.74.244.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429136/; classtype:trojan-activity;sid:84292236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429135/; classtype:trojan-activity;sid:84292235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429134/; classtype:trojan-activity;sid:84292234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.67.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429133/; classtype:trojan-activity;sid:84292233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.35.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429132/; classtype:trojan-activity;sid:84292232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.250.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429131/; classtype:trojan-activity;sid:84292231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.248.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429130/; classtype:trojan-activity;sid:84292230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429129/; classtype:trojan-activity;sid:84292229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.14.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429128/; classtype:trojan-activity;sid:84292228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429127/; classtype:trojan-activity;sid:84292227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.74.98.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429126/; classtype:trojan-activity;sid:84292226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.14.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429125/; classtype:trojan-activity;sid:84292225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429124)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.54.181.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429124/; classtype:trojan-activity;sid:84292224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.118.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429123/; classtype:trojan-activity;sid:84292223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.47.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429121/; classtype:trojan-activity;sid:84292221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.26.233.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429122/; classtype:trojan-activity;sid:84292222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.15.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429120/; classtype:trojan-activity;sid:84292220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.164.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429119/; classtype:trojan-activity;sid:84292219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429118/; classtype:trojan-activity;sid:84292218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.40.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429117/; classtype:trojan-activity;sid:84292217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.107.12.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429116/; classtype:trojan-activity;sid:84292216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429115/; classtype:trojan-activity;sid:84292215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.240.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429114/; classtype:trojan-activity;sid:84292214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.26.233.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429113/; classtype:trojan-activity;sid:84292213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.164.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429112/; classtype:trojan-activity;sid:84292212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.129.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429111/; classtype:trojan-activity;sid:84292211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.40.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429110/; classtype:trojan-activity;sid:84292210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.87.62.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429109/; classtype:trojan-activity;sid:84292209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.13.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429108/; classtype:trojan-activity;sid:84292208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.15.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429107/; classtype:trojan-activity;sid:84292207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.245.2.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429106/; classtype:trojan-activity;sid:84292206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.240.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429105/; classtype:trojan-activity;sid:84292205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.12.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429104/; classtype:trojan-activity;sid:84292204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.107.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429102/; classtype:trojan-activity;sid:84292202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.163.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429103/; classtype:trojan-activity;sid:84292203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.30.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429101/; classtype:trojan-activity;sid:84292201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.232.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429100/; classtype:trojan-activity;sid:84292200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.82.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429099/; classtype:trojan-activity;sid:84292199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.13.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429098/; classtype:trojan-activity;sid:84292198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.236.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429097/; classtype:trojan-activity;sid:84292197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.107.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429095/; classtype:trojan-activity;sid:84292195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.200.13.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429096/; classtype:trojan-activity;sid:84292196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.219.17.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429094/; classtype:trojan-activity;sid:84292194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.82.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429093/; classtype:trojan-activity;sid:84292193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.219.17.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429092/; classtype:trojan-activity;sid:84292192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.10.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429091/; classtype:trojan-activity;sid:84292191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.226.169.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429090/; classtype:trojan-activity;sid:84292190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.200.13.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429089/; classtype:trojan-activity;sid:84292189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.65.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429088/; classtype:trojan-activity;sid:84292188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429087/; classtype:trojan-activity;sid:84292187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.107.98.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429086/; classtype:trojan-activity;sid:84292186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.210.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429085/; classtype:trojan-activity;sid:84292185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.65.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429084/; classtype:trojan-activity;sid:84292184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.89.174.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429083/; classtype:trojan-activity;sid:84292183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.169.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429082/; classtype:trojan-activity;sid:84292182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429081)"; flow:established,from_client; content:"GET"; http_method; content:"/simps/armv5l"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.90.12.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429081/; classtype:trojan-activity;sid:84292181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429080)"; flow:established,from_client; content:"GET"; http_method; content:"/d/tk74wub4/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429080/; classtype:trojan-activity;sid:84292180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429073)"; flow:established,from_client; content:"GET"; http_method; content:"/simps/armv6l"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.90.12.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429073/; classtype:trojan-activity;sid:84292173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429074)"; flow:established,from_client; content:"GET"; http_method; content:"/simps/sparc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.90.12.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429074/; classtype:trojan-activity;sid:84292174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429075)"; flow:established,from_client; content:"GET"; http_method; content:"/simps/ur0a.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.90.12.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429075/; classtype:trojan-activity;sid:84292175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429076)"; flow:established,from_client; content:"GET"; http_method; content:"/ukr/client2.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.177.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429076/; classtype:trojan-activity;sid:84292176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429077)"; flow:established,from_client; content:"GET"; http_method; content:"/ukr/client.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"88.151.192.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429077/; classtype:trojan-activity;sid:84292177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429078)"; flow:established,from_client; content:"GET"; http_method; content:"/simps/powerpc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.90.12.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429078/; classtype:trojan-activity;sid:84292178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429079)"; flow:established,from_client; content:"GET"; http_method; content:"/simps/armv4l"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.90.12.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429079/; classtype:trojan-activity;sid:84292179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429066)"; flow:established,from_client; content:"GET"; http_method; content:"/simps/armv7l"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.90.12.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429066/; classtype:trojan-activity;sid:84292166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429067)"; flow:established,from_client; content:"GET"; http_method; content:"/simps/x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.90.12.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429067/; classtype:trojan-activity;sid:84292167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429068)"; flow:established,from_client; content:"GET"; http_method; content:"/simps/i586"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.90.12.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429068/; classtype:trojan-activity;sid:84292168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429069)"; flow:established,from_client; content:"GET"; http_method; content:"/simps/i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.90.12.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429069/; classtype:trojan-activity;sid:84292169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429070)"; flow:established,from_client; content:"GET"; http_method; content:"/simps/sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.90.12.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429070/; classtype:trojan-activity;sid:84292170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429071)"; flow:established,from_client; content:"GET"; http_method; content:"/simps/m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.90.12.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429071/; classtype:trojan-activity;sid:84292171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429072)"; flow:established,from_client; content:"GET"; http_method; content:"/simps/mips64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.90.12.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429072/; classtype:trojan-activity;sid:84292172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"99.215.119.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429065/; classtype:trojan-activity;sid:84292165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.135.17.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429064/; classtype:trojan-activity;sid:84292164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429063/; classtype:trojan-activity;sid:84292163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.8.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429062/; classtype:trojan-activity;sid:84292162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.185.109.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429061/; classtype:trojan-activity;sid:84292161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.25.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429060/; classtype:trojan-activity;sid:84292160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429059)"; flow:established,from_client; content:"GET"; http_method; content:"/fantazy.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.103.125.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429059/; classtype:trojan-activity;sid:84292159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429051)"; flow:established,from_client; content:"GET"; http_method; content:"/fantazy.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.103.125.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429051/; classtype:trojan-activity;sid:84292151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429052)"; flow:established,from_client; content:"GET"; http_method; content:"/fantazy.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.103.125.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429052/; classtype:trojan-activity;sid:84292152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429053)"; flow:established,from_client; content:"GET"; http_method; content:"/fantazy.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.103.125.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429053/; classtype:trojan-activity;sid:84292153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429054)"; flow:established,from_client; content:"GET"; http_method; content:"/fantazy.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.103.125.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429054/; classtype:trojan-activity;sid:84292154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429055)"; flow:established,from_client; content:"GET"; http_method; content:"/fantazy.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.103.125.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429055/; classtype:trojan-activity;sid:84292155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429056)"; flow:established,from_client; content:"GET"; http_method; content:"/fantazy.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.103.125.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429056/; classtype:trojan-activity;sid:84292156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429057)"; flow:established,from_client; content:"GET"; http_method; content:"/fantazy.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.103.125.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429057/; classtype:trojan-activity;sid:84292157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429058)"; flow:established,from_client; content:"GET"; http_method; content:"/fantazy.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.103.125.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429058/; classtype:trojan-activity;sid:84292158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429050)"; flow:established,from_client; content:"GET"; http_method; content:"/fantazy.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.103.125.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429050/; classtype:trojan-activity;sid:84292150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"99.215.119.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429049/; classtype:trojan-activity;sid:84292149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.118.12.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429047/; classtype:trojan-activity;sid:84292147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.144.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429048/; classtype:trojan-activity;sid:84292148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429040)"; flow:established,from_client; content:"GET"; http_method; content:"/netis.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"assumedtribsosp.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429040/; classtype:trojan-activity;sid:84292140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429041)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assumedtribsosp.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429041/; classtype:trojan-activity;sid:84292141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429042)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"assumedtribsosp.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429042/; classtype:trojan-activity;sid:84292142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429043)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"budgetttysnzm.shop"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429043/; classtype:trojan-activity;sid:84292143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429044)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"budgetttysnzm.shop"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429044/; classtype:trojan-activity;sid:84292144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429045)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"budgetttysnzm.shop"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429045/; classtype:trojan-activity;sid:84292145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429046)"; flow:established,from_client; content:"GET"; http_method; content:"/netis.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"holdabchoneypots.p-e.kr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429046/; classtype:trojan-activity;sid:84292146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429037)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"assumedtribsosp.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429037/; classtype:trojan-activity;sid:84292137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429038)"; flow:established,from_client; content:"GET"; http_method; content:"/netis.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"budgetttysnzm.shop"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429038/; classtype:trojan-activity;sid:84292138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429039)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"holdabchoneypots.p-e.kr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429039/; classtype:trojan-activity;sid:84292139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429024)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"holdabchoneypots.p-e.kr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429024/; classtype:trojan-activity;sid:84292124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429025)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"holdabchoneypots.p-e.kr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429025/; classtype:trojan-activity;sid:84292125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429026)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug.dbg"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"budgetttysnzm.shop"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429026/; classtype:trojan-activity;sid:84292126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429027)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"assumedtribsosp.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429027/; classtype:trojan-activity;sid:84292127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429028)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"holdabchoneypots.p-e.kr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429028/; classtype:trojan-activity;sid:84292128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429029)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"budgetttysnzm.shop"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429029/; classtype:trojan-activity;sid:84292129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429030)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"holdabchoneypots.p-e.kr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429030/; classtype:trojan-activity;sid:84292130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429031)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"assumedtribsosp.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429031/; classtype:trojan-activity;sid:84292131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429032)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"budgetttysnzm.shop"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429032/; classtype:trojan-activity;sid:84292132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429033)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"budgetttysnzm.shop"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429033/; classtype:trojan-activity;sid:84292133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429034)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"assumedtribsosp.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429034/; classtype:trojan-activity;sid:84292134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429035)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"holdabchoneypots.p-e.kr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429035/; classtype:trojan-activity;sid:84292135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429036)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"assumedtribsosp.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429036/; classtype:trojan-activity;sid:84292136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429002)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug.dbg"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"assumedtribsosp.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429002/; classtype:trojan-activity;sid:84292102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429003)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"budgetttysnzm.shop"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429003/; classtype:trojan-activity;sid:84292103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429004)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"assumedtribsosp.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429004/; classtype:trojan-activity;sid:84292104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429005)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"holdabchoneypots.p-e.kr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429005/; classtype:trojan-activity;sid:84292105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429006)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"budgetttysnzm.shop"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429006/; classtype:trojan-activity;sid:84292106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429007)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"assumedtribsosp.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429007/; classtype:trojan-activity;sid:84292107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429008)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"budgetttysnzm.shop"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429008/; classtype:trojan-activity;sid:84292108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429009)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"assumedtribsosp.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429009/; classtype:trojan-activity;sid:84292109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.134.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429010/; classtype:trojan-activity;sid:84292110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429011)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"budgetttysnzm.shop"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429011/; classtype:trojan-activity;sid:84292111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429012)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"assumedtribsosp.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429012/; classtype:trojan-activity;sid:84292112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429013)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"assumedtribsosp.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429013/; classtype:trojan-activity;sid:84292113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429014)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug.dbg"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"holdabchoneypots.p-e.kr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429014/; classtype:trojan-activity;sid:84292114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429015)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"holdabchoneypots.p-e.kr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429015/; classtype:trojan-activity;sid:84292115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429016)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"budgetttysnzm.shop"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429016/; classtype:trojan-activity;sid:84292116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429017)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"budgetttysnzm.shop"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429017/; classtype:trojan-activity;sid:84292117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429018)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"holdabchoneypots.p-e.kr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429018/; classtype:trojan-activity;sid:84292118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429019)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"holdabchoneypots.p-e.kr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429019/; classtype:trojan-activity;sid:84292119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429020)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"holdabchoneypots.p-e.kr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429020/; classtype:trojan-activity;sid:84292120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429021)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"holdabchoneypots.p-e.kr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429021/; classtype:trojan-activity;sid:84292121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429022)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"assumedtribsosp.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429022/; classtype:trojan-activity;sid:84292122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429023)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"holdabchoneypots.p-e.kr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429023/; classtype:trojan-activity;sid:84292123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429001)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"budgetttysnzm.shop"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429001/; classtype:trojan-activity;sid:84292101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429000)"; flow:established,from_client; content:"GET"; http_method; content:"/57xf1oe3vxvfdlau"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"antiquebotv3.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429000/; classtype:trojan-activity;sid:84292100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428994)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.143.1.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428994/; classtype:trojan-activity;sid:84292094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428995)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug.dbg"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.143.1.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428995/; classtype:trojan-activity;sid:84292095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428996)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"193.143.1.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428996/; classtype:trojan-activity;sid:84292096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428997)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.143.1.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428997/; classtype:trojan-activity;sid:84292097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428998)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"193.143.1.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428998/; classtype:trojan-activity;sid:84292098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428999)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.143.1.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428999/; classtype:trojan-activity;sid:84292099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428992)"; flow:established,from_client; content:"GET"; http_method; content:"/netis.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.143.1.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428992/; classtype:trojan-activity;sid:84292092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428993)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428993/; classtype:trojan-activity;sid:84292093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.3.10"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428991/; classtype:trojan-activity;sid:84292091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.81.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428990/; classtype:trojan-activity;sid:84292090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.8.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428989/; classtype:trojan-activity;sid:84292089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.36.187.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428988/; classtype:trojan-activity;sid:84292088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.198.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428987/; classtype:trojan-activity;sid:84292087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.62.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428986/; classtype:trojan-activity;sid:84292086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428985)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.13.92.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428985/; classtype:trojan-activity;sid:84292085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428979)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.47.107.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428979/; classtype:trojan-activity;sid:84292079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.134.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428978/; classtype:trojan-activity;sid:84292078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.118.12.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428977/; classtype:trojan-activity;sid:84292077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.73.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428976/; classtype:trojan-activity;sid:84292076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428974)"; flow:established,from_client; content:"GET"; http_method; content:"/simps/mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.90.12.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428974/; classtype:trojan-activity;sid:84292074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428975)"; flow:established,from_client; content:"GET"; http_method; content:"/simps/mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.90.12.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428975/; classtype:trojan-activity;sid:84292075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.106.55.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428972/; classtype:trojan-activity;sid:84292072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428973)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428973/; classtype:trojan-activity;sid:84292073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428971/; classtype:trojan-activity;sid:84292071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.79.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428970/; classtype:trojan-activity;sid:84292070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.28.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428969/; classtype:trojan-activity;sid:84292069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.36.187.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428968/; classtype:trojan-activity;sid:84292068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.192.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428967/; classtype:trojan-activity;sid:84292067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428966/; classtype:trojan-activity;sid:84292066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.201.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428965/; classtype:trojan-activity;sid:84292065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428964)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.249.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428964/; classtype:trojan-activity;sid:84292064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.183.27.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428963/; classtype:trojan-activity;sid:84292063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.143.171.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428962/; classtype:trojan-activity;sid:84292062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.179.121.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428961/; classtype:trojan-activity;sid:84292061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.224.197.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428960/; classtype:trojan-activity;sid:84292060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428959/; classtype:trojan-activity;sid:84292059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.217.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428958/; classtype:trojan-activity;sid:84292058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.20.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428957/; classtype:trojan-activity;sid:84292057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.129.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428956/; classtype:trojan-activity;sid:84292056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428955/; classtype:trojan-activity;sid:84292055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.172.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428954/; classtype:trojan-activity;sid:84292054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428953)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.54.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428953/; classtype:trojan-activity;sid:84292053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.143.171.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428952/; classtype:trojan-activity;sid:84292052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.48.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428951/; classtype:trojan-activity;sid:84292051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428950)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.143.1.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428950/; classtype:trojan-activity;sid:84292050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428947)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"193.143.1.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428947/; classtype:trojan-activity;sid:84292047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428948)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"193.143.1.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428948/; classtype:trojan-activity;sid:84292048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428949)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.143.1.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428949/; classtype:trojan-activity;sid:84292049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428946)"; flow:established,from_client; content:"GET"; http_method; content:"/144/uhg/goodthingswithbestthingstodowithgreatnesscandy.hta"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"198.23.187.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428946/; classtype:trojan-activity;sid:84292046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.183.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428945/; classtype:trojan-activity;sid:84292045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428944)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.143.1.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428944/; classtype:trojan-activity;sid:84292044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.217.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428943/; classtype:trojan-activity;sid:84292043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428942)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/xen.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428942/; classtype:trojan-activity;sid:84292042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428940)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/latino.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428940/; classtype:trojan-activity;sid:84292040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428941)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/client.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428941/; classtype:trojan-activity;sid:84292041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428938)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/hump.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428938/; classtype:trojan-activity;sid:84292038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428939)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/xenn.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428939/; classtype:trojan-activity;sid:84292039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428933)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/popo.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428933/; classtype:trojan-activity;sid:84292033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428934)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/engine.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428934/; classtype:trojan-activity;sid:84292034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428935)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/z.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428935/; classtype:trojan-activity;sid:84292035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428936)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/esn.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428936/; classtype:trojan-activity;sid:84292036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.179.121.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428937/; classtype:trojan-activity;sid:84292037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428932)"; flow:established,from_client; content:"GET"; http_method; content:"/phantom/fvlqx.pdf"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428932/; classtype:trojan-activity;sid:84292032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.35.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428931/; classtype:trojan-activity;sid:84292031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428930)"; flow:established,from_client; content:"GET"; http_method; content:"/phantom/cwiyrbw.mp4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428930/; classtype:trojan-activity;sid:84292030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428928)"; flow:established,from_client; content:"GET"; http_method; content:"/phantom/xdizrtec.vdf"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428928/; classtype:trojan-activity;sid:84292028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428929)"; flow:established,from_client; content:"GET"; http_method; content:"/phantom/cevxfjcx.mp4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428929/; classtype:trojan-activity;sid:84292029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428917)"; flow:established,from_client; content:"GET"; http_method; content:"/phantom/trweqqrlt.mp4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428917/; classtype:trojan-activity;sid:84292017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428918)"; flow:established,from_client; content:"GET"; http_method; content:"/phantom/uvgkajphpf.wav"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428918/; classtype:trojan-activity;sid:84292018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428919)"; flow:established,from_client; content:"GET"; http_method; content:"/phantom/jiwzrff.dat"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428919/; classtype:trojan-activity;sid:84292019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428920)"; flow:established,from_client; content:"GET"; http_method; content:"/phantom/bmqtckr.dat"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428920/; classtype:trojan-activity;sid:84292020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428921)"; flow:established,from_client; content:"GET"; http_method; content:"/phantom/augovzz.pdf"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428921/; classtype:trojan-activity;sid:84292021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428922)"; flow:established,from_client; content:"GET"; http_method; content:"/phantom/wrbxidflm.wav"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428922/; classtype:trojan-activity;sid:84292022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428923)"; flow:established,from_client; content:"GET"; http_method; content:"/phantom/muzjxvfdul.vdf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428923/; classtype:trojan-activity;sid:84292023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428924)"; flow:established,from_client; content:"GET"; http_method; content:"/phantom/gjqptmrxa.wav"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428924/; classtype:trojan-activity;sid:84292024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428925)"; flow:established,from_client; content:"GET"; http_method; content:"/phantom/wxahlnmy.wav"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428925/; classtype:trojan-activity;sid:84292025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428926)"; flow:established,from_client; content:"GET"; http_method; content:"/phantom/zldcpovs.wav"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428926/; classtype:trojan-activity;sid:84292026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428927)"; flow:established,from_client; content:"GET"; http_method; content:"/phantom/palisqw.pdf"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428927/; classtype:trojan-activity;sid:84292027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428916)"; flow:established,from_client; content:"GET"; http_method; content:"/phantom/wkubkvd.dat"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428916/; classtype:trojan-activity;sid:84292016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428915)"; flow:established,from_client; content:"GET"; http_method; content:"/phantom/xkpexhx.dat"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428915/; classtype:trojan-activity;sid:84292015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428914)"; flow:established,from_client; content:"GET"; http_method; content:"/phantom/ytous.dat"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428914/; classtype:trojan-activity;sid:84292014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428912)"; flow:established,from_client; content:"GET"; http_method; content:"/phantom/xawnb.mp3"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428912/; classtype:trojan-activity;sid:84292012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428913)"; flow:established,from_client; content:"GET"; http_method; content:"/phantom/1503"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428913/; classtype:trojan-activity;sid:84292013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428905)"; flow:established,from_client; content:"GET"; http_method; content:"/botsai/abcizdzuf.dat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428905/; classtype:trojan-activity;sid:84292005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428906)"; flow:established,from_client; content:"GET"; http_method; content:"/phantom/lojvqds.mp3"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428906/; classtype:trojan-activity;sid:84292006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428907)"; flow:established,from_client; content:"GET"; http_method; content:"/phantom/tnrjj.dat"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428907/; classtype:trojan-activity;sid:84292007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428908)"; flow:established,from_client; content:"GET"; http_method; content:"/botsai/jadssyecx.dat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428908/; classtype:trojan-activity;sid:84292008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428909)"; flow:established,from_client; content:"GET"; http_method; content:"/phantom/bhwznnxwrjj.vdf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428909/; classtype:trojan-activity;sid:84292009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428910)"; flow:established,from_client; content:"GET"; http_method; content:"/phantom/quvlvdz.mp3"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428910/; classtype:trojan-activity;sid:84292010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428911)"; flow:established,from_client; content:"GET"; http_method; content:"/phantom/mfgfpqodgni.mp3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.72.56.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428911/; classtype:trojan-activity;sid:84292011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.183.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428904/; classtype:trojan-activity;sid:84292004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428903)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.djtvx.online"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428903/; classtype:trojan-activity;sid:84292003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.73.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428902/; classtype:trojan-activity;sid:84292002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428901)"; flow:established,from_client; content:"GET"; http_method; content:"/gpkvwjasqlz121.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"212.162.149.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428901/; classtype:trojan-activity;sid:84292001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428899)"; flow:established,from_client; content:"GET"; http_method; content:"/gyxbjruunqgwo252.bin"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.29.10.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428899/; classtype:trojan-activity;sid:84291999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428900)"; flow:established,from_client; content:"GET"; http_method; content:"/qqizkshwqtsvtztvwrz56.bin"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.29.10.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428900/; classtype:trojan-activity;sid:84292000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428898)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.2.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428898/; classtype:trojan-activity;sid:84291998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.59.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428897/; classtype:trojan-activity;sid:84291997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.185.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428896/; classtype:trojan-activity;sid:84291996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.5.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428895/; classtype:trojan-activity;sid:84291995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.112.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428894/; classtype:trojan-activity;sid:84291994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.73.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428893/; classtype:trojan-activity;sid:84291993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.210.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428892/; classtype:trojan-activity;sid:84291992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.235.200.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428891/; classtype:trojan-activity;sid:84291991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.204.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428890/; classtype:trojan-activity;sid:84291990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.101.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428889/; classtype:trojan-activity;sid:84291989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.196.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428888/; classtype:trojan-activity;sid:84291988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.160.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428887/; classtype:trojan-activity;sid:84291987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.63.85.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428886/; classtype:trojan-activity;sid:84291986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.63.85.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428885/; classtype:trojan-activity;sid:84291985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.15.4.201"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428884/; classtype:trojan-activity;sid:84291984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.200.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428883/; classtype:trojan-activity;sid:84291983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.233.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428882/; classtype:trojan-activity;sid:84291982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.5.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428881/; classtype:trojan-activity;sid:84291981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.148.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428880/; classtype:trojan-activity;sid:84291980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.229.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428879/; classtype:trojan-activity;sid:84291979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.143.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428878/; classtype:trojan-activity;sid:84291978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.222.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428876/; classtype:trojan-activity;sid:84291976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.221.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428877/; classtype:trojan-activity;sid:84291977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.13.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428875/; classtype:trojan-activity;sid:84291975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.215.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428874/; classtype:trojan-activity;sid:84291974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.15.4.201"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428873/; classtype:trojan-activity;sid:84291973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.132.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428872/; classtype:trojan-activity;sid:84291972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.58.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428871/; classtype:trojan-activity;sid:84291971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428870)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.152.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428870/; classtype:trojan-activity;sid:84291970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428868)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428868/; classtype:trojan-activity;sid:84291968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.114.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428869/; classtype:trojan-activity;sid:84291969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428867)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.53.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428867/; classtype:trojan-activity;sid:84291967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.229.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428866/; classtype:trojan-activity;sid:84291966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.243.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428865/; classtype:trojan-activity;sid:84291965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.148.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428864/; classtype:trojan-activity;sid:84291964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.2.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428863/; classtype:trojan-activity;sid:84291963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.2.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428862/; classtype:trojan-activity;sid:84291962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.137.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428861/; classtype:trojan-activity;sid:84291961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.26.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428860/; classtype:trojan-activity;sid:84291960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.92.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428859/; classtype:trojan-activity;sid:84291959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.144.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428858/; classtype:trojan-activity;sid:84291958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428857)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.gity.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428857/; classtype:trojan-activity;sid:84291957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.58.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428856/; classtype:trojan-activity;sid:84291956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.174.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428855/; classtype:trojan-activity;sid:84291955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.243.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428854/; classtype:trojan-activity;sid:84291954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.241.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428853/; classtype:trojan-activity;sid:84291953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428852/; classtype:trojan-activity;sid:84291952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.26.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428851/; classtype:trojan-activity;sid:84291951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.176.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428850/; classtype:trojan-activity;sid:84291950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.144.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428849/; classtype:trojan-activity;sid:84291949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428848)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.163.202.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428848/; classtype:trojan-activity;sid:84291948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.198.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428847/; classtype:trojan-activity;sid:84291947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.250.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428846/; classtype:trojan-activity;sid:84291946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.151.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428845/; classtype:trojan-activity;sid:84291945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.27.143"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428844/; classtype:trojan-activity;sid:84291944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.185.109.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428843/; classtype:trojan-activity;sid:84291943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.29.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428840/; classtype:trojan-activity;sid:84291940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.97.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428841/; classtype:trojan-activity;sid:84291941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.63.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428839/; classtype:trojan-activity;sid:84291939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.164.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428838/; classtype:trojan-activity;sid:84291938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.90.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428837/; classtype:trojan-activity;sid:84291937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428836)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.242.210.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428836/; classtype:trojan-activity;sid:84291936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.198.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428835/; classtype:trojan-activity;sid:84291935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428834)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.145.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428834/; classtype:trojan-activity;sid:84291934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.165.127.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428833/; classtype:trojan-activity;sid:84291933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.149.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428832/; classtype:trojan-activity;sid:84291932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.90.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428830/; classtype:trojan-activity;sid:84291930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.118.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428829/; classtype:trojan-activity;sid:84291929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428828)"; flow:established,from_client; content:"GET"; http_method; content:"/chrome-updates.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"files-ld.s3.us-east-2.amazonaws.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428828/; classtype:trojan-activity;sid:84291928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.98.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428827/; classtype:trojan-activity;sid:84291927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.66.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428826/; classtype:trojan-activity;sid:84291926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.180.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428825/; classtype:trojan-activity;sid:84291925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428824)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.44.242.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428824/; classtype:trojan-activity;sid:84291924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.4.84"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428823/; classtype:trojan-activity;sid:84291923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428822)"; flow:established,from_client; content:"GET"; http_method; content:"/ukraine/svc1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"94.156.177.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428822/; classtype:trojan-activity;sid:84291922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.170.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428821/; classtype:trojan-activity;sid:84291921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428819/; classtype:trojan-activity;sid:84291919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.147.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428820/; classtype:trojan-activity;sid:84291920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"yapayzekalar.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428816/; classtype:trojan-activity;sid:84291916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.229.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428817/; classtype:trojan-activity;sid:84291917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.1.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428818/; classtype:trojan-activity;sid:84291918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.54.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428815/; classtype:trojan-activity;sid:84291915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.71.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428814/; classtype:trojan-activity;sid:84291914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.118.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428813/; classtype:trojan-activity;sid:84291913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.98.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428812/; classtype:trojan-activity;sid:84291912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.180.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428811/; classtype:trojan-activity;sid:84291911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428810/; classtype:trojan-activity;sid:84291910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.233.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428809/; classtype:trojan-activity;sid:84291909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.183.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428808/; classtype:trojan-activity;sid:84291908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.4.84"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428807/; classtype:trojan-activity;sid:84291907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428806)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.65.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428806/; classtype:trojan-activity;sid:84291906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.229.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428805/; classtype:trojan-activity;sid:84291905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.71.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428804/; classtype:trojan-activity;sid:84291904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.157.253.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428803/; classtype:trojan-activity;sid:84291903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.93.45.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428802/; classtype:trojan-activity;sid:84291902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.170.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428800/; classtype:trojan-activity;sid:84291900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.233.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428801/; classtype:trojan-activity;sid:84291901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/bot.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.113.115.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428797/; classtype:trojan-activity;sid:84291897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/bot64.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.113.115.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428798/; classtype:trojan-activity;sid:84291898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.171.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428799/; classtype:trojan-activity;sid:84291899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.72.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428796/; classtype:trojan-activity;sid:84291896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.112.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428795/; classtype:trojan-activity;sid:84291895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.56.195.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428794/; classtype:trojan-activity;sid:84291894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.72.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428793/; classtype:trojan-activity;sid:84291893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.41.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428792/; classtype:trojan-activity;sid:84291892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.157.253.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428791/; classtype:trojan-activity;sid:84291891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.93.45.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428790/; classtype:trojan-activity;sid:84291890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.56.195.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428789/; classtype:trojan-activity;sid:84291889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.71.23.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428788/; classtype:trojan-activity;sid:84291888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428787)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.57.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428787/; classtype:trojan-activity;sid:84291887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428786)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.222.57.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428786/; classtype:trojan-activity;sid:84291886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.39.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428785/; classtype:trojan-activity;sid:84291885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428784)"; flow:established,from_client; content:"GET"; http_method; content:"/455/createdbestthingswithbestgunbestofluckgivenmebest.gif"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"185.29.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428784/; classtype:trojan-activity;sid:84291884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.111.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428783/; classtype:trojan-activity;sid:84291883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.66.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428782/; classtype:trojan-activity;sid:84291882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428781)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.23.161.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428781/; classtype:trojan-activity;sid:84291881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.55.149.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428780/; classtype:trojan-activity;sid:84291880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428779)"; flow:established,from_client; content:"GET"; http_method; content:"/xteelnu6lvrjclac"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"recepchtav3.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428779/; classtype:trojan-activity;sid:84291879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.130.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428778/; classtype:trojan-activity;sid:84291878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428777)"; flow:established,from_client; content:"GET"; http_method; content:"/files/install.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sadonsgithub.site"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428777/; classtype:trojan-activity;sid:84291877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.19.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428776/; classtype:trojan-activity;sid:84291876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428775)"; flow:established,from_client; content:"GET"; http_method; content:"/455/aut/createdbestthingswithbestgunbestofluckgivenmebest.hta"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"185.29.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428775/; classtype:trojan-activity;sid:84291875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.88.132.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428774/; classtype:trojan-activity;sid:84291874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.61.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428772/; classtype:trojan-activity;sid:84291872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428773/; classtype:trojan-activity;sid:84291873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428771)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.guhv.run"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428771/; classtype:trojan-activity;sid:84291871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.235.113.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428770/; classtype:trojan-activity;sid:84291870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.248.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428768/; classtype:trojan-activity;sid:84291868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.27.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428769/; classtype:trojan-activity;sid:84291869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428767)"; flow:established,from_client; content:"GET"; http_method; content:"/nf_e.msi"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"abodeefix.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428767/; classtype:trojan-activity;sid:84291867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.8.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428766/; classtype:trojan-activity;sid:84291866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428765)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.102.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428765/; classtype:trojan-activity;sid:84291865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428764/; classtype:trojan-activity;sid:84291864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.226.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428763/; classtype:trojan-activity;sid:84291863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.111.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428762/; classtype:trojan-activity;sid:84291862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.61.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428760/; classtype:trojan-activity;sid:84291860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.66.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428761/; classtype:trojan-activity;sid:84291861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428759)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.182.77.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428759/; classtype:trojan-activity;sid:84291859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.24.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428758/; classtype:trojan-activity;sid:84291858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.55.149.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428757/; classtype:trojan-activity;sid:84291857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.19.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428756/; classtype:trojan-activity;sid:84291856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.130.87"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428755/; classtype:trojan-activity;sid:84291855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.178.2.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428754/; classtype:trojan-activity;sid:84291854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.216.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428753/; classtype:trojan-activity;sid:84291853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.205.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428752/; classtype:trojan-activity;sid:84291852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.39.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428751/; classtype:trojan-activity;sid:84291851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.178.2.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428750/; classtype:trojan-activity;sid:84291850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.222.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428749/; classtype:trojan-activity;sid:84291849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.205.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428748/; classtype:trojan-activity;sid:84291848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.72.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428747/; classtype:trojan-activity;sid:84291847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.159.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428746/; classtype:trojan-activity;sid:84291846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428745)"; flow:established,from_client; content:"GET"; http_method; content:"/resources/logo.mp4"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-media.azureedge.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428745/; classtype:trojan-activity;sid:84291845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428744)"; flow:established,from_client; content:"GET"; http_method; content:"/998/givenbestthingsgoodforbetterthingsentirethingsgivenbest.gif"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"172.245.123.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428744/; classtype:trojan-activity;sid:84291844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428743)"; flow:established,from_client; content:"GET"; http_method; content:"/998/suresheisbeautifulgirlformeforeverything.txt"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"172.245.123.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428743/; classtype:trojan-activity;sid:84291843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.211.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428742/; classtype:trojan-activity;sid:84291842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.210.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428741/; classtype:trojan-activity;sid:84291841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.17.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428740/; classtype:trojan-activity;sid:84291840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.174.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428739/; classtype:trojan-activity;sid:84291839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.159.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428738/; classtype:trojan-activity;sid:84291838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.73.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428737/; classtype:trojan-activity;sid:84291837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.238.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428736/; classtype:trojan-activity;sid:84291836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.44.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428733/; classtype:trojan-activity;sid:84291833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428734)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.50.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428734/; classtype:trojan-activity;sid:84291834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428735)"; flow:established,from_client; content:"GET"; http_method; content:"/dmwnmemcm/image/upload/v1738640096/x9ewtlemfphfwvfs83ss.jpg"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"res.cloudinary.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428735/; classtype:trojan-activity;sid:84291835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428732)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.181.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428732/; classtype:trojan-activity;sid:84291832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428730)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/kkns/seemybestpicturewithentiretime.txt"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"185.29.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428730/; classtype:trojan-activity;sid:84291830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428731)"; flow:established,from_client; content:"GET"; http_method; content:"/430/seethebestthingswithgreatnessgoodformybestie.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"104.168.7.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428731/; classtype:trojan-activity;sid:84291831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428729)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/kkns/sheismybeautifulladywholovesme.gif"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"185.29.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428729/; classtype:trojan-activity;sid:84291829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428728)"; flow:established,from_client; content:"GET"; http_method; content:"/430/goodgirlalwaysbeagoodgirlwithbetterpersongood.gif"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"104.168.7.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428728/; classtype:trojan-activity;sid:84291828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428727)"; flow:established,from_client; content:"GET"; http_method; content:"/669/seethebestthingswithgoodandgreatnessthingsentiretimefor.gif"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"217.160.163.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428727/; classtype:trojan-activity;sid:84291827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428726)"; flow:established,from_client; content:"GET"; http_method; content:"/dmwnmemcm/image/upload/v1738645629/unwydr4nrrkbsfdjpwz2.jpg"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"res.cloudinary.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428726/; classtype:trojan-activity;sid:84291826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428725)"; flow:established,from_client; content:"GET"; http_method; content:"/fromgrfdroid.txt"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"107.175.229.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428725/; classtype:trojan-activity;sid:84291825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428724)"; flow:established,from_client; content:"GET"; http_method; content:"/mpdwforxlaconstraints.vbs"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"107.175.229.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428724/; classtype:trojan-activity;sid:84291824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428723)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/fbo/sheisagoodgirlwholovesmybestiregood.gif"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"185.29.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428723/; classtype:trojan-activity;sid:84291823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428722)"; flow:established,from_client; content:"GET"; http_method; content:"/daxwua63y/image/upload/v1738334533/alcb4htolzvfhzzufqh5.jpg"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"res.cloudinary.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428722/; classtype:trojan-activity;sid:84291822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.14.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428721/; classtype:trojan-activity;sid:84291821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.72.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428720/; classtype:trojan-activity;sid:84291820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.211.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428719/; classtype:trojan-activity;sid:84291819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.197.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428718/; classtype:trojan-activity;sid:84291818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.73.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428717/; classtype:trojan-activity;sid:84291817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.17.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428715/; classtype:trojan-activity;sid:84291815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.107.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428716/; classtype:trojan-activity;sid:84291816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.132.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428714/; classtype:trojan-activity;sid:84291814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.211.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428713/; classtype:trojan-activity;sid:84291813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428712)"; flow:established,from_client; content:"GET"; http_method; content:"/127/cann.e.bk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"198.23.187.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428712/; classtype:trojan-activity;sid:84291812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428711)"; flow:established,from_client; content:"GET"; http_method; content:"/127/cann.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"198.23.187.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428711/; classtype:trojan-activity;sid:84291811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.183.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428710/; classtype:trojan-activity;sid:84291810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428709)"; flow:established,from_client; content:"GET"; http_method; content:"/bab.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"downloads-dimension-loading-alpine.trycloudflare.com"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428709/; classtype:trojan-activity;sid:84291809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428708)"; flow:established,from_client; content:"GET"; http_method; content:"/ftsp.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"downloads-dimension-loading-alpine.trycloudflare.com"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428708/; classtype:trojan-activity;sid:84291808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428705)"; flow:established,from_client; content:"GET"; http_method; content:"/ftsp.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"coaches-revealed-everyday-bargain.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428705/; classtype:trojan-activity;sid:84291805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428706)"; flow:established,from_client; content:"GET"; http_method; content:"/bab.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"coaches-revealed-everyday-bargain.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428706/; classtype:trojan-activity;sid:84291806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428707)"; flow:established,from_client; content:"GET"; http_method; content:"/cam.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"coaches-revealed-everyday-bargain.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428707/; classtype:trojan-activity;sid:84291807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428704)"; flow:established,from_client; content:"GET"; http_method; content:"/cam.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"downloads-dimension-loading-alpine.trycloudflare.com"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428704/; classtype:trojan-activity;sid:84291804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.95.196.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428703/; classtype:trojan-activity;sid:84291803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428700)"; flow:established,from_client; content:"GET"; http_method; content:"/kjsavbayrtsa/1tysagvbasqa.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"downloads-dimension-loading-alpine.trycloudflare.com"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428700/; classtype:trojan-activity;sid:84291800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428701)"; flow:established,from_client; content:"GET"; http_method; content:"/1rysa8ks0tya/1syaksa.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"coaches-revealed-everyday-bargain.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428701/; classtype:trojan-activity;sid:84291801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428702)"; flow:established,from_client; content:"GET"; http_method; content:"/new.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"coaches-revealed-everyday-bargain.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428702/; classtype:trojan-activity;sid:84291802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428692)"; flow:established,from_client; content:"GET"; http_method; content:"/de/re-00738017.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"downloads-dimension-loading-alpine.trycloudflare.com"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428692/; classtype:trojan-activity;sid:84291792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428693)"; flow:established,from_client; content:"GET"; http_method; content:"/jan.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"coaches-revealed-everyday-bargain.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428693/; classtype:trojan-activity;sid:84291793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428694)"; flow:established,from_client; content:"GET"; http_method; content:"/2ys09ksa/2ysbva09r_pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"downloads-dimension-loading-alpine.trycloudflare.com"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428694/; classtype:trojan-activity;sid:84291794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428695)"; flow:established,from_client; content:"GET"; http_method; content:"/kjsavbayrtsa/1tysagvbasqa.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"coaches-revealed-everyday-bargain.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428695/; classtype:trojan-activity;sid:84291795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428696)"; flow:established,from_client; content:"GET"; http_method; content:"/1rysa8ks0tya/1syaksa.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"downloads-dimension-loading-alpine.trycloudflare.com"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428696/; classtype:trojan-activity;sid:84291796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428697)"; flow:established,from_client; content:"GET"; http_method; content:"/2ys09ksa/2ysbva09r_pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"coaches-revealed-everyday-bargain.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428697/; classtype:trojan-activity;sid:84291797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428698)"; flow:established,from_client; content:"GET"; http_method; content:"/new.vbs"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"coaches-revealed-everyday-bargain.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428698/; classtype:trojan-activity;sid:84291798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428699)"; flow:established,from_client; content:"GET"; http_method; content:"/de/re-00738017.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"coaches-revealed-everyday-bargain.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428699/; classtype:trojan-activity;sid:84291799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428681)"; flow:established,from_client; content:"GET"; http_method; content:"/pws.vbs"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"coaches-revealed-everyday-bargain.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428681/; classtype:trojan-activity;sid:84291781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428682)"; flow:established,from_client; content:"GET"; http_method; content:"/pws.vbs"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"downloads-dimension-loading-alpine.trycloudflare.com"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428682/; classtype:trojan-activity;sid:84291782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428683)"; flow:established,from_client; content:"GET"; http_method; content:"/startupppp.bat"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"coaches-revealed-everyday-bargain.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428683/; classtype:trojan-activity;sid:84291783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428684)"; flow:established,from_client; content:"GET"; http_method; content:"/55.js"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"coaches-revealed-everyday-bargain.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428684/; classtype:trojan-activity;sid:84291784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428685)"; flow:established,from_client; content:"GET"; http_method; content:"/pws1.vbs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"coaches-revealed-everyday-bargain.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428685/; classtype:trojan-activity;sid:84291785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428686)"; flow:established,from_client; content:"GET"; http_method; content:"/55.js"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"downloads-dimension-loading-alpine.trycloudflare.com"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428686/; classtype:trojan-activity;sid:84291786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428687)"; flow:established,from_client; content:"GET"; http_method; content:"/new.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"downloads-dimension-loading-alpine.trycloudflare.com"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428687/; classtype:trojan-activity;sid:84291787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428688)"; flow:established,from_client; content:"GET"; http_method; content:"/startupppp.bat"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"downloads-dimension-loading-alpine.trycloudflare.com"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428688/; classtype:trojan-activity;sid:84291788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428689)"; flow:established,from_client; content:"GET"; http_method; content:"/new.vbs"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"downloads-dimension-loading-alpine.trycloudflare.com"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428689/; classtype:trojan-activity;sid:84291789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428690)"; flow:established,from_client; content:"GET"; http_method; content:"/pws1.vbs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"downloads-dimension-loading-alpine.trycloudflare.com"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428690/; classtype:trojan-activity;sid:84291790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428691)"; flow:established,from_client; content:"GET"; http_method; content:"/jan.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"downloads-dimension-loading-alpine.trycloudflare.com"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428691/; classtype:trojan-activity;sid:84291791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.149.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428680/; classtype:trojan-activity;sid:84291780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.35.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428679/; classtype:trojan-activity;sid:84291779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.29.46.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428678/; classtype:trojan-activity;sid:84291778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.69.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428677/; classtype:trojan-activity;sid:84291777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.34.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428676/; classtype:trojan-activity;sid:84291776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.251.176.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428674/; classtype:trojan-activity;sid:84291774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.245.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428675/; classtype:trojan-activity;sid:84291775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.36.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428673/; classtype:trojan-activity;sid:84291773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.6.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428671/; classtype:trojan-activity;sid:84291771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.197.140.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428672/; classtype:trojan-activity;sid:84291772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.101.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428670/; classtype:trojan-activity;sid:84291770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.79.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428668/; classtype:trojan-activity;sid:84291768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428669/; classtype:trojan-activity;sid:84291769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.200.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428667/; classtype:trojan-activity;sid:84291767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.69.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428666/; classtype:trojan-activity;sid:84291766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428642)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_9758-1-1200x800.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428642/; classtype:trojan-activity;sid:84291742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428643)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sertifikat-kkr.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428643/; classtype:trojan-activity;sid:84291743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428644)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/020.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428644/; classtype:trojan-activity;sid:84291744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428645)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/040.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428645/; classtype:trojan-activity;sid:84291745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428646)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/op-01.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428646/; classtype:trojan-activity;sid:84291746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428647)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/landscapes-12.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428647/; classtype:trojan-activity;sid:84291747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428648)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resumen-ejecutivo-encuesta-nacional-de-percepcion-social_web.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428648/; classtype:trojan-activity;sid:84291748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428649)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/camscanner-09-28-2023-16.37_1.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428649/; classtype:trojan-activity;sid:84291749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428650)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-contaminacion-residuos-solidos-estudiante.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428650/; classtype:trojan-activity;sid:84291750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428651)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ims-cable-vulcanizer.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428651/; classtype:trojan-activity;sid:84291751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428652)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/she-fed-him-viagra-then-tied-him-to-the-bed.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428652/; classtype:trojan-activity;sid:84291752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428653)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/soos-si-reclamantul2.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428653/; classtype:trojan-activity;sid:84291753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428654)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-2.png.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428654/; classtype:trojan-activity;sid:84291754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428655)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vibration-controller.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428655/; classtype:trojan-activity;sid:84291755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428656)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1972-2-1.jpeg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428656/; classtype:trojan-activity;sid:84291756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428657)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ba_programme_outcome.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428657/; classtype:trojan-activity;sid:84291757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428658)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/p2.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428658/; classtype:trojan-activity;sid:84291758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428659)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d_997640-mlu50293089781_062022-o-1.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428659/; classtype:trojan-activity;sid:84291759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428660)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cirese-cherry-scaled.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428660/; classtype:trojan-activity;sid:84291760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428661)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/31-1.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428661/; classtype:trojan-activity;sid:84291761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428662)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/building.2.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428662/; classtype:trojan-activity;sid:84291762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428663)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/l0.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428663/; classtype:trojan-activity;sid:84291763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428664)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/landscapes-13.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428664/; classtype:trojan-activity;sid:84291764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428665)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/accounting-finance-.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428665/; classtype:trojan-activity;sid:84291765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428639)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circular-of-bihar-state-senior-women-2024-25.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428639/; classtype:trojan-activity;sid:84291739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428640)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sertifikat-akreditasi-sitek.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428640/; classtype:trojan-activity;sid:84291740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428641)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/365-2.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428641/; classtype:trojan-activity;sid:84291741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428630)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/op-05.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428630/; classtype:trojan-activity;sid:84291730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428631)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/capture4-1.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428631/; classtype:trojan-activity;sid:84291731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428632)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/formulario_de_postulacion_concurso_xxi_eje_valoracion_junio.xlsx.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428632/; classtype:trojan-activity;sid:84291732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428633)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hype-1y4-scaled.jpeg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428633/; classtype:trojan-activity;sid:84291733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428634)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7-7.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428634/; classtype:trojan-activity;sid:84291734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428635)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/booty-band-workout.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428635/; classtype:trojan-activity;sid:84291735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428636)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.hobx.run"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428636/; classtype:trojan-activity;sid:84291736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428637)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2020-06-10_09h36_21.gif.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428637/; classtype:trojan-activity;sid:84291737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428638)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/p5.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428638/; classtype:trojan-activity;sid:84291738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428601)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/14-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428601/; classtype:trojan-activity;sid:84291701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428602)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9-3.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428602/; classtype:trojan-activity;sid:84291702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428603)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/op-03.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428603/; classtype:trojan-activity;sid:84291703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428604)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1h8a2914-1200x750-1.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428604/; classtype:trojan-activity;sid:84291704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428605)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/g0.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428605/; classtype:trojan-activity;sid:84291705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428606)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/op-02.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428606/; classtype:trojan-activity;sid:84291706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428607)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jonesetal2009_wengen.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428607/; classtype:trojan-activity;sid:84291707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428608)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/what-is-science-based-reputation-management.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428608/; classtype:trojan-activity;sid:84291708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428609)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/endofsummer-080.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428609/; classtype:trojan-activity;sid:84291709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428610)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vii-tfo-reino-de-aragon-sala.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428610/; classtype:trojan-activity;sid:84291710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428611)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6-17.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428611/; classtype:trojan-activity;sid:84291711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428612)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/50-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428612/; classtype:trojan-activity;sid:84291712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428613)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1h8a2910-1200x750-1.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428613/; classtype:trojan-activity;sid:84291713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428614)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ihc-pamphlet-1.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428614/; classtype:trojan-activity;sid:84291714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428615)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-2.png.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428615/; classtype:trojan-activity;sid:84291715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428616)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/entrance2.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428616/; classtype:trojan-activity;sid:84291716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428617)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/30-resistance-tube-exercises.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428617/; classtype:trojan-activity;sid:84291717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428618)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zero_anilina02.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428618/; classtype:trojan-activity;sid:84291718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428619)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/f0.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428619/; classtype:trojan-activity;sid:84291719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428620)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1019-533x800.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428620/; classtype:trojan-activity;sid:84291720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428621)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6-9.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428621/; classtype:trojan-activity;sid:84291721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428622)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/i0.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428622/; classtype:trojan-activity;sid:84291722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428623)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1604486659_iem_alpertoprak_gorsel.jpg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428623/; classtype:trojan-activity;sid:84291723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428624)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/23-1.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428624/; classtype:trojan-activity;sid:84291724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428625)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2020-06-10_09h37_40.gif.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428625/; classtype:trojan-activity;sid:84291725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428626)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1h8a2900-1200x750-1.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428626/; classtype:trojan-activity;sid:84291726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428627)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sertifikat-sitek.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428627/; classtype:trojan-activity;sid:84291727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428628)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/167545531598bcbc70d327c232c4cdbe8e0767426c.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428628/; classtype:trojan-activity;sid:84291728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428629)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/semarang-charter-february-3-2024-uin-wali-songo.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428629/; classtype:trojan-activity;sid:84291729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428599)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/p4.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428599/; classtype:trojan-activity;sid:84291699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428600)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m0.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428600/; classtype:trojan-activity;sid:84291700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428576)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/j0.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428576/; classtype:trojan-activity;sid:84291676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428577)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-10-18-at-10.15.00.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428577/; classtype:trojan-activity;sid:84291677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428578)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/32-1.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428578/; classtype:trojan-activity;sid:84291678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428579)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-2.png.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428579/; classtype:trojan-activity;sid:84291679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428580)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rope-light.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428580/; classtype:trojan-activity;sid:84291680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428581)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/030.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428581/; classtype:trojan-activity;sid:84291681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428582)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/34-1.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428582/; classtype:trojan-activity;sid:84291682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428583)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4561-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428583/; classtype:trojan-activity;sid:84291683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428584)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/universo-retratado-5.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428584/; classtype:trojan-activity;sid:84291684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428585)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/emotional-intelligence-for-sales-success-lessons5.docx.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428585/; classtype:trojan-activity;sid:84291685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428586)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-9.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428586/; classtype:trojan-activity;sid:84291686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428587)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgm7461-1024x683.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428587/; classtype:trojan-activity;sid:84291687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428588)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1h8a2917-1200x750-1.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428588/; classtype:trojan-activity;sid:84291688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428589)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/where%20is%20my%20pudding.xls"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428589/; classtype:trojan-activity;sid:84291689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428590)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/15-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428590/; classtype:trojan-activity;sid:84291690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428591)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dhu-hfw1800thpi428.png.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428591/; classtype:trojan-activity;sid:84291691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428592)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bwk-tbs-602-b-e1535602482598.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428592/; classtype:trojan-activity;sid:84291692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.211.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428593/; classtype:trojan-activity;sid:84291693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428594)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2020-06-10_09h40_43.gif.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428594/; classtype:trojan-activity;sid:84291694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428595)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circular-of-bihar-state-rapid-blitz-2024-25.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428595/; classtype:trojan-activity;sid:84291695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428596)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/op-04.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428596/; classtype:trojan-activity;sid:84291696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428597)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/e0.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428597/; classtype:trojan-activity;sid:84291697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428598)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sk-dan-sertifikat-akreditasi-ajk.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428598/; classtype:trojan-activity;sid:84291698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.95.196.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428575/; classtype:trojan-activity;sid:84291675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428567)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/21-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428567/; classtype:trojan-activity;sid:84291667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428568)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/countertops20182.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428568/; classtype:trojan-activity;sid:84291668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428569)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2020-06-10_09h39_53.gif.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428569/; classtype:trojan-activity;sid:84291669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428570)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/asus-zenbook-14x-oled-q420va-300x300-1.png.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428570/; classtype:trojan-activity;sid:84291670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428571)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/23twinbedsfan.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428571/; classtype:trojan-activity;sid:84291671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428572)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1.-loi-n2525252525252525252525252525252525252525252525252525252525252525c22525252525252525252525252525252525252525252525252525252525252525b0-99-010-du-17-avril-1999-regissant-les-activites-du-secteur-petrolier-aval.pdf.lnk"; http_uri; depth:233; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428572/; classtype:trojan-activity;sid:84291672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428573)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/system_alarmowy_z_barierami_podczerwieni_optex.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428573/; classtype:trojan-activity;sid:84291673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428574)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sertifikat-ajk.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428574/; classtype:trojan-activity;sid:84291674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428547)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h0.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428547/; classtype:trojan-activity;sid:84291647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428548)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/l5015b.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428548/; classtype:trojan-activity;sid:84291648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428549)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sertifikat-akreditasi-prodi-kkr.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428549/; classtype:trojan-activity;sid:84291649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428550)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pza3_cambiar-tama252525252525252525252525252525252525252525252525252525252525252525c3252525252525252525252525252525252525252525252525252525252525252525b1o-scaled.jpg.lnk"; http_uri; depth:180; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428550/; classtype:trojan-activity;sid:84291650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428551)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/k0.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428551/; classtype:trojan-activity;sid:84291651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428552)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1h8a2912-1200x750-1.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428552/; classtype:trojan-activity;sid:84291652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428553)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/p6.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428553/; classtype:trojan-activity;sid:84291653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428554)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/explora_me2525252525252525252525252525252525252525252525cc252525252525252525252525252525252525252525252581todo-cienti2525252525252525252525252525252525252525252525cc252525252525252525252525252525252525252525252581fico_mv.pdf.lnk"; http_uri; depth:239; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428554/; classtype:trojan-activity;sid:84291654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428555)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428555/; classtype:trojan-activity;sid:84291655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428556)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/p1.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428556/; classtype:trojan-activity;sid:84291656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428557)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bag2_cambiar-tama252525252525252525252525252525252525252525252525252525252525252525c3252525252525252525252525252525252525252525252525252525252525252525b1o-scaled.jpg.lnk"; http_uri; depth:180; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428557/; classtype:trojan-activity;sid:84291657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428558)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pza4_cambiar-tama252525252525252525252525252525252525252525252525252525252525252525c3252525252525252525252525252525252525252525252525252525252525252525b1o-scaled.jpg.lnk"; http_uri; depth:180; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428558/; classtype:trojan-activity;sid:84291658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428559)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/0a.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428559/; classtype:trojan-activity;sid:84291659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428560)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wood-3.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428560/; classtype:trojan-activity;sid:84291660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428561)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/poli_6-1.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428561/; classtype:trojan-activity;sid:84291661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428562)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/business-management.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428562/; classtype:trojan-activity;sid:84291662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428563)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bag1_cambiar-tama252525252525252525252525252525252525252525252525252525252525252525c3252525252525252525252525252525252525252525252525252525252525252525b1o-scaled.jpg.lnk"; http_uri; depth:180; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428563/; classtype:trojan-activity;sid:84291663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428564)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/universo-retratado-4.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428564/; classtype:trojan-activity;sid:84291664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428565)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chill-cashew-1024x768.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428565/; classtype:trojan-activity;sid:84291665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428566)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fire-following-terrorism-a-suggested-approach-to-estimate-the-loss-potential.pdf.lnk"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428566/; classtype:trojan-activity;sid:84291666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.236.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428546/; classtype:trojan-activity;sid:84291646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.65.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428545/; classtype:trojan-activity;sid:84291645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.89.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428544/; classtype:trojan-activity;sid:84291644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428543)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.57.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428543/; classtype:trojan-activity;sid:84291643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.35.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428542/; classtype:trojan-activity;sid:84291642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.99.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428541/; classtype:trojan-activity;sid:84291641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.210.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428540/; classtype:trojan-activity;sid:84291640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.225.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428538/; classtype:trojan-activity;sid:84291638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428539)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.xyms.run"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428539/; classtype:trojan-activity;sid:84291639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.9.75"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428537/; classtype:trojan-activity;sid:84291637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.24.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428536/; classtype:trojan-activity;sid:84291636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.135.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428535/; classtype:trojan-activity;sid:84291635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.101.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428534/; classtype:trojan-activity;sid:84291634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428533/; classtype:trojan-activity;sid:84291633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.169.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428532/; classtype:trojan-activity;sid:84291632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428531/; classtype:trojan-activity;sid:84291631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.79.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428529/; classtype:trojan-activity;sid:84291629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428530)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/icvpzbx4vn6lcthva168z/zzjg.zip|3f|rlkey=kntc36792grkm64xriqputbdq|7c|26|7c|st=px51yl8u|7c|26|7c|dl=1"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428530/; classtype:trojan-activity;sid:84291630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.236.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428528/; classtype:trojan-activity;sid:84291628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.80.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428527/; classtype:trojan-activity;sid:84291627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.247.92.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428526/; classtype:trojan-activity;sid:84291626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.203.240.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428525/; classtype:trojan-activity;sid:84291625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428524)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.17.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428524/; classtype:trojan-activity;sid:84291624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.87.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428523/; classtype:trojan-activity;sid:84291623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428521)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.64.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428521/; classtype:trojan-activity;sid:84291621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.255.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428522/; classtype:trojan-activity;sid:84291622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.193.56.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428520/; classtype:trojan-activity;sid:84291620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.225.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428519/; classtype:trojan-activity;sid:84291619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.135.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428518/; classtype:trojan-activity;sid:84291618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.100.247.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428517/; classtype:trojan-activity;sid:84291617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.209.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428516/; classtype:trojan-activity;sid:84291616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.13.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428515/; classtype:trojan-activity;sid:84291615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.92.58.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428514/; classtype:trojan-activity;sid:84291614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.99.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428513/; classtype:trojan-activity;sid:84291613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.247.92.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428512/; classtype:trojan-activity;sid:84291612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.75.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428511/; classtype:trojan-activity;sid:84291611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.73.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428510/; classtype:trojan-activity;sid:84291610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428509)"; flow:established,from_client; content:"GET"; http_method; content:"/sohpierainxz/fnaf-1/refs/heads/main/fusca%20game.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428509/; classtype:trojan-activity;sid:84291609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428508)"; flow:established,from_client; content:"GET"; http_method; content:"/simon990520/am/refs/heads/main/am.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428508/; classtype:trojan-activity;sid:84291608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428507)"; flow:established,from_client; content:"GET"; http_method; content:"/download/loginzerox2v82.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"zero-cdn.click"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428507/; classtype:trojan-activity;sid:84291607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428505)"; flow:established,from_client; content:"GET"; http_method; content:"/simon990520/am/raw/refs/heads/main/am.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428505/; classtype:trojan-activity;sid:84291605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428506)"; flow:established,from_client; content:"GET"; http_method; content:"/proltop1/popka/raw/master/svchost.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428506/; classtype:trojan-activity;sid:84291606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428504)"; flow:established,from_client; content:"GET"; http_method; content:"/temperloin/piponis/refs/heads/main/jrirkfiweid.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428504/; classtype:trojan-activity;sid:84291604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428503)"; flow:established,from_client; content:"GET"; http_method; content:"/salah/system.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"88.243.168.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428503/; classtype:trojan-activity;sid:84291603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428502)"; flow:established,from_client; content:"GET"; http_method; content:"/cyber_security/xworm.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"blockchainsdev.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428502/; classtype:trojan-activity;sid:84291602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428500)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.zyfu.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428500/; classtype:trojan-activity;sid:84291600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428501)"; flow:established,from_client; content:"GET"; http_method; content:"/fileupload.io/default_folder/trojan-3.v.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"s3.eu-central-1.amazonaws.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428501/; classtype:trojan-activity;sid:84291601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428499)"; flow:established,from_client; content:"GET"; http_method; content:"/ailojam/aiopef/raw/refs/heads/main/filfin1.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428499/; classtype:trojan-activity;sid:84291599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428495)"; flow:established,from_client; content:"GET"; http_method; content:"/updater.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"84.234.19.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428495/; classtype:trojan-activity;sid:84291595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428496)"; flow:established,from_client; content:"GET"; http_method; content:"/maconha.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"sb.bombeirocivil2.digital"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428496/; classtype:trojan-activity;sid:84291596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428497)"; flow:established,from_client; content:"GET"; http_method; content:"/temperloin/piponis/raw/refs/heads/main/jrirkfiweid.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428497/; classtype:trojan-activity;sid:84291597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428498)"; flow:established,from_client; content:"GET"; http_method; content:"/zoax33/utils/blob/master/savedecrypter.exe|3f|raw=true"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428498/; classtype:trojan-activity;sid:84291598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428485)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.143.1.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428485/; classtype:trojan-activity;sid:84291585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428486)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.wozy.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428486/; classtype:trojan-activity;sid:84291586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428487)"; flow:established,from_client; content:"GET"; http_method; content:"/998/sema/besttogivebetterwayforbestthingsgoodformebestofnaturalthings.hta"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"172.245.123.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428487/; classtype:trojan-activity;sid:84291587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428488)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/mpa/niceworkwithgreatjobgivenmebestthings.hta"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"146.59.116.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428488/; classtype:trojan-activity;sid:84291588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428489)"; flow:established,from_client; content:"GET"; http_method; content:"/lwku/vtwtsds_30012025.hta"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"facturasolegs.shop"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428489/; classtype:trojan-activity;sid:84291589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428490)"; flow:established,from_client; content:"GET"; http_method; content:"/phpmyadmin/test/!help_sos.hta"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"202.29.95.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428490/; classtype:trojan-activity;sid:84291590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428491)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/zina/seemybestthingswithmygreatnesswithgoodthingswith.hta"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"198.23.187.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428491/; classtype:trojan-activity;sid:84291591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428492)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/softokn3.dll|3f|"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.215.113.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428492/; classtype:trojan-activity;sid:84291592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428493)"; flow:established,from_client; content:"GET"; http_method; content:"/temperloin/piponis/raw/refs/heads/main/cjrimgid.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428493/; classtype:trojan-activity;sid:84291593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428494)"; flow:established,from_client; content:"GET"; http_method; content:"/build.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"upload.venomtools.in"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428494/; classtype:trojan-activity;sid:84291594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.99.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428480/; classtype:trojan-activity;sid:84291580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428481)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.58.58.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428481/; classtype:trojan-activity;sid:84291581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428482)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/679b25792af7f_crypted.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"95.164.53.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428482/; classtype:trojan-activity;sid:84291582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428483)"; flow:established,from_client; content:"GET"; http_method; content:"/maconha.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"63.141.255.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428483/; classtype:trojan-activity;sid:84291583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428484)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hold.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"193.143.1.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428484/; classtype:trojan-activity;sid:84291584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428477)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"165.154.224.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428477/; classtype:trojan-activity;sid:84291577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428478)"; flow:established,from_client; content:"GET"; http_method; content:"/conha.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"63.141.255.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428478/; classtype:trojan-activity;sid:84291578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428479)"; flow:established,from_client; content:"GET"; http_method; content:"/get/bpoyf5bauz/host.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428479/; classtype:trojan-activity;sid:84291579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428475)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"94.142.138.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428475/; classtype:trojan-activity;sid:84291575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428476)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.pylo.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428476/; classtype:trojan-activity;sid:84291576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428470)"; flow:established,from_client; content:"GET"; http_method; content:"/emmanbbiggggiii.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"107.175.229.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428470/; classtype:trojan-activity;sid:84291570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428471)"; flow:established,from_client; content:"GET"; http_method; content:"/455/seethebestthignsentiretimegivenmebest.txt"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"185.29.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428471/; classtype:trojan-activity;sid:84291571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428472)"; flow:established,from_client; content:"GET"; http_method; content:"/acfy/cpdb/raw/main/cpdb.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428472/; classtype:trojan-activity;sid:84291572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428473)"; flow:established,from_client; content:"GET"; http_method; content:"/pe.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.albuspsikoloji.com.tr"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428473/; classtype:trojan-activity;sid:84291573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428474)"; flow:established,from_client; content:"GET"; http_method; content:"/oldojo.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"babaszepsegverseny.hu"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428474/; classtype:trojan-activity;sid:84291574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428468)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/fbo/seemybestieperformancegood.txt"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"185.29.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428468/; classtype:trojan-activity;sid:84291568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428469)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/koc/verynicegirlfriendshegoodbeautiful.txt"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"185.29.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428469/; classtype:trojan-activity;sid:84291569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428466)"; flow:established,from_client; content:"GET"; http_method; content:"/669/bestthingsalwaysgoingonwithbestthinkinghings.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"217.160.163.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428466/; classtype:trojan-activity;sid:84291566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428467)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.jefx.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428467/; classtype:trojan-activity;sid:84291567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.4.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428465/; classtype:trojan-activity;sid:84291565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428464)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.27.199.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428464/; classtype:trojan-activity;sid:84291564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.39.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428463/; classtype:trojan-activity;sid:84291563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.162.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428462/; classtype:trojan-activity;sid:84291562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.112.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428461/; classtype:trojan-activity;sid:84291561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.211.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428460/; classtype:trojan-activity;sid:84291560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.193.56.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428459/; classtype:trojan-activity;sid:84291559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428458)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.243.215.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428458/; classtype:trojan-activity;sid:84291558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.23.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428457/; classtype:trojan-activity;sid:84291557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.43.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428456/; classtype:trojan-activity;sid:84291556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.4.224.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428455/; classtype:trojan-activity;sid:84291555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428453)"; flow:established,from_client; content:"GET"; http_method; content:"/r3supportsolutionsframework-13.0.1.131.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"81.177.215.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428453/; classtype:trojan-activity;sid:84291553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428454)"; flow:established,from_client; content:"GET"; http_method; content:"/r2supportsolutionsframework-13.0.1.131.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"81.177.215.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428454/; classtype:trojan-activity;sid:84291554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428452)"; flow:established,from_client; content:"GET"; http_method; content:"/teambuild/st.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"89.23.99.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428452/; classtype:trojan-activity;sid:84291552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428450)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"89.23.103.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428450/; classtype:trojan-activity;sid:84291550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428451)"; flow:established,from_client; content:"GET"; http_method; content:"/r4supportsolutionsframework-13.0.1.131.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"81.177.215.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428451/; classtype:trojan-activity;sid:84291551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428446)"; flow:established,from_client; content:"GET"; http_method; content:"/r1supportsolutionsframework-13.0.1.131.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"81.177.215.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428446/; classtype:trojan-activity;sid:84291546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428447)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"89.23.103.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428447/; classtype:trojan-activity;sid:84291547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428448)"; flow:established,from_client; content:"GET"; http_method; content:"/r1supportsolutionsframework-13.0.1.131.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"81.177.215.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428448/; classtype:trojan-activity;sid:84291548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428449)"; flow:established,from_client; content:"GET"; http_method; content:"/r4supportsolutionsframework-13.0.1.131.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"81.177.215.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428449/; classtype:trojan-activity;sid:84291549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428443)"; flow:established,from_client; content:"GET"; http_method; content:"/r3supportsolutionsframework-13.0.1.131.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"81.177.215.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428443/; classtype:trojan-activity;sid:84291543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428444)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"89.23.103.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428444/; classtype:trojan-activity;sid:84291544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428445)"; flow:established,from_client; content:"GET"; http_method; content:"/4.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"89.23.103.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428445/; classtype:trojan-activity;sid:84291545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428442)"; flow:established,from_client; content:"GET"; http_method; content:"/r2supportsolutionsframework-13.0.1.131.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"81.177.215.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428442/; classtype:trojan-activity;sid:84291542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428441)"; flow:established,from_client; content:"GET"; http_method; content:"/teambuild/bt.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"89.23.99.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428441/; classtype:trojan-activity;sid:84291541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428440)"; flow:established,from_client; content:"GET"; http_method; content:"/cd/0/get/cjhfejzlwq_z1fejczlhe3hhmrhnffnfrh6mo97thlomqwaibe6fqo73vxzujjoodfluid0tdxcvfny0mk2rg1iqhlehdltp84cjuo2cj2podwyc_yhhfbw7yhofh4ptc1tt9sno4xhxuitpc5l9nocg/file|3f|dl=1"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"ucb2cbed19801a2ff4334b43344a.dl.dropboxusercontent.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428440/; classtype:trojan-activity;sid:84291540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.214.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428438/; classtype:trojan-activity;sid:84291538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.4.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428439/; classtype:trojan-activity;sid:84291539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.4.224.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428437/; classtype:trojan-activity;sid:84291537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.89.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428435/; classtype:trojan-activity;sid:84291535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.80.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428436/; classtype:trojan-activity;sid:84291536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.87.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428434/; classtype:trojan-activity;sid:84291534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.100.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428432/; classtype:trojan-activity;sid:84291532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428433)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.100.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428433/; classtype:trojan-activity;sid:84291533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.231.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428431/; classtype:trojan-activity;sid:84291531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.91.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428430/; classtype:trojan-activity;sid:84291530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.10.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428429/; classtype:trojan-activity;sid:84291529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"38.196.86.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428427/; classtype:trojan-activity;sid:84291527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.234.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428428/; classtype:trojan-activity;sid:84291528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.12.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428422/; classtype:trojan-activity;sid:84291522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428423)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428423/; classtype:trojan-activity;sid:84291523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428424)"; flow:established,from_client; content:"GET"; http_method; content:"/6sdjc5.msu"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428424/; classtype:trojan-activity;sid:84291524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.237.168.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428425/; classtype:trojan-activity;sid:84291525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.171.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428426/; classtype:trojan-activity;sid:84291526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428421)"; flow:established,from_client; content:"GET"; http_method; content:"/sakuuo.msu"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428421/; classtype:trojan-activity;sid:84291521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.120.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428420/; classtype:trojan-activity;sid:84291520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.63.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428419/; classtype:trojan-activity;sid:84291519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.169.0.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428418/; classtype:trojan-activity;sid:84291518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428417)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.51.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428417/; classtype:trojan-activity;sid:84291517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.162.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428416/; classtype:trojan-activity;sid:84291516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428415)"; flow:established,from_client; content:"GET"; http_method; content:"/txt/mkvwxpqvi3hlpend.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"weixe.ir"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428415/; classtype:trojan-activity;sid:84291515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.196.86.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428412/; classtype:trojan-activity;sid:84291512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428413)"; flow:established,from_client; content:"GET"; http_method; content:"/selvtillidens.smi"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.seventools.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428413/; classtype:trojan-activity;sid:84291513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.120.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428414/; classtype:trojan-activity;sid:84291514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428411)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/images/droyl.aaf"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.seventools.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428411/; classtype:trojan-activity;sid:84291511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428410)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/assets/khsgr207.bin"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"www.elefantenfutter.de"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428410/; classtype:trojan-activity;sid:84291510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.234.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428409/; classtype:trojan-activity;sid:84291509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428408)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.178.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428408/; classtype:trojan-activity;sid:84291508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428407)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.179.121.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428407/; classtype:trojan-activity;sid:84291507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.231.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428406/; classtype:trojan-activity;sid:84291506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428405)"; flow:established,from_client; content:"GET"; http_method; content:"/15012025/vessse6ulpad0i8lgrs0.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428405/; classtype:trojan-activity;sid:84291505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428404/; classtype:trojan-activity;sid:84291504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.181.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428403/; classtype:trojan-activity;sid:84291503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.234.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428402/; classtype:trojan-activity;sid:84291502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428401)"; flow:established,from_client; content:"GET"; http_method; content:"/w2.vbs"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myfileview1.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428401/; classtype:trojan-activity;sid:84291501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.116.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428400/; classtype:trojan-activity;sid:84291500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428399)"; flow:established,from_client; content:"GET"; http_method; content:"/pass.vbs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"myfileview1.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428399/; classtype:trojan-activity;sid:84291499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.153.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428398/; classtype:trojan-activity;sid:84291498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428396)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.2.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428396/; classtype:trojan-activity;sid:84291496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.76.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428397/; classtype:trojan-activity;sid:84291497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.189.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428395/; classtype:trojan-activity;sid:84291495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.231.189.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428394/; classtype:trojan-activity;sid:84291494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.24.6.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428393/; classtype:trojan-activity;sid:84291493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428392)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.puvt.run"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428392/; classtype:trojan-activity;sid:84291492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428391)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.149.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428391/; classtype:trojan-activity;sid:84291491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.239.34.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428390/; classtype:trojan-activity;sid:84291490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.7.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428389/; classtype:trojan-activity;sid:84291489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428388)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/akismet/fv/index.php|3f|email=121212@letsdefend.io"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"mogagrocol.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428388/; classtype:trojan-activity;sid:84291488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428387)"; flow:established,from_client; content:"GET"; http_method; content:"/unforcing.xll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ugg.kliprisydie.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428387/; classtype:trojan-activity;sid:84291487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428386)"; flow:established,from_client; content:"GET"; http_method; content:"/story.mp4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"airtbn.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428386/; classtype:trojan-activity;sid:84291486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428385)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.repw.run"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428385/; classtype:trojan-activity;sid:84291485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.48.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428384/; classtype:trojan-activity;sid:84291484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.189.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428383/; classtype:trojan-activity;sid:84291483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.76.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428382/; classtype:trojan-activity;sid:84291482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428381/; classtype:trojan-activity;sid:84291481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.34.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428380/; classtype:trojan-activity;sid:84291480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428379)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.189.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428379/; classtype:trojan-activity;sid:84291479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428378)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.24.6.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428378/; classtype:trojan-activity;sid:84291478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.183.27.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428377/; classtype:trojan-activity;sid:84291477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.68.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428376/; classtype:trojan-activity;sid:84291476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.75.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428375/; classtype:trojan-activity;sid:84291475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.87.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428374/; classtype:trojan-activity;sid:84291474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.155.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428373/; classtype:trojan-activity;sid:84291473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.26.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428372/; classtype:trojan-activity;sid:84291472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.85.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428371/; classtype:trojan-activity;sid:84291471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428370)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.39.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428370/; classtype:trojan-activity;sid:84291470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428369)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428369/; classtype:trojan-activity;sid:84291469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428368)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.110.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428368/; classtype:trojan-activity;sid:84291468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.249.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428367/; classtype:trojan-activity;sid:84291467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428365)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.30.168.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428365/; classtype:trojan-activity;sid:84291465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428366/; classtype:trojan-activity;sid:84291466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.124.138.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428363/; classtype:trojan-activity;sid:84291463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.74.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428364/; classtype:trojan-activity;sid:84291464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.249.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428362/; classtype:trojan-activity;sid:84291462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.234.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428361/; classtype:trojan-activity;sid:84291461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.17.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428360/; classtype:trojan-activity;sid:84291460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428359/; classtype:trojan-activity;sid:84291459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.6.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428357/; classtype:trojan-activity;sid:84291457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.100.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428358/; classtype:trojan-activity;sid:84291458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.22.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428356/; classtype:trojan-activity;sid:84291456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.239.210.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428354/; classtype:trojan-activity;sid:84291454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.15.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428355/; classtype:trojan-activity;sid:84291455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.140.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428353/; classtype:trojan-activity;sid:84291453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.26.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428352/; classtype:trojan-activity;sid:84291452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.248.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428351/; classtype:trojan-activity;sid:84291451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.204.222.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428350/; classtype:trojan-activity;sid:84291450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.227.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428349/; classtype:trojan-activity;sid:84291449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428348)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428348/; classtype:trojan-activity;sid:84291448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428347)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.4.59"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428347/; classtype:trojan-activity;sid:84291447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.68.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428346/; classtype:trojan-activity;sid:84291446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.104.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428345/; classtype:trojan-activity;sid:84291445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.51.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428344/; classtype:trojan-activity;sid:84291444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.38.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428343/; classtype:trojan-activity;sid:84291443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.119.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428342/; classtype:trojan-activity;sid:84291442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.154.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428341/; classtype:trojan-activity;sid:84291441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428340)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.16.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428340/; classtype:trojan-activity;sid:84291440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.245.2.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428339/; classtype:trojan-activity;sid:84291439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.227.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428338/; classtype:trojan-activity;sid:84291438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.94.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428337/; classtype:trojan-activity;sid:84291437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.204.222.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428336/; classtype:trojan-activity;sid:84291436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.36.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428335/; classtype:trojan-activity;sid:84291435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.151.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428334/; classtype:trojan-activity;sid:84291434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.185.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428333/; classtype:trojan-activity;sid:84291433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.71.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428332/; classtype:trojan-activity;sid:84291432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.78.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428331/; classtype:trojan-activity;sid:84291431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.190.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428330/; classtype:trojan-activity;sid:84291430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428329/; classtype:trojan-activity;sid:84291429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.104.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428328/; classtype:trojan-activity;sid:84291428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.139.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428327/; classtype:trojan-activity;sid:84291427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.112.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428326/; classtype:trojan-activity;sid:84291426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.106.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428325/; classtype:trojan-activity;sid:84291425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.154.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428324/; classtype:trojan-activity;sid:84291424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.176.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428323/; classtype:trojan-activity;sid:84291423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.75.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428322/; classtype:trojan-activity;sid:84291422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.78.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428321/; classtype:trojan-activity;sid:84291421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428320)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.128.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428320/; classtype:trojan-activity;sid:84291420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.151.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428319/; classtype:trojan-activity;sid:84291419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.45.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428318/; classtype:trojan-activity;sid:84291418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.142.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428317/; classtype:trojan-activity;sid:84291417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.71.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428316/; classtype:trojan-activity;sid:84291416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.192.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428315/; classtype:trojan-activity;sid:84291415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.176.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428314/; classtype:trojan-activity;sid:84291414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428312)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.3.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428312/; classtype:trojan-activity;sid:84291412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.233.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428313/; classtype:trojan-activity;sid:84291413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.2.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428311/; classtype:trojan-activity;sid:84291411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.112.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428310/; classtype:trojan-activity;sid:84291410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.64.68.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428309/; classtype:trojan-activity;sid:84291409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.243.236.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428308/; classtype:trojan-activity;sid:84291408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.72.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428307/; classtype:trojan-activity;sid:84291407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.1.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428306/; classtype:trojan-activity;sid:84291406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.74.97.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428305/; classtype:trojan-activity;sid:84291405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.47.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428304/; classtype:trojan-activity;sid:84291404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.191.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428303/; classtype:trojan-activity;sid:84291403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428302/; classtype:trojan-activity;sid:84291402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.2.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428301/; classtype:trojan-activity;sid:84291401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.96.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428300/; classtype:trojan-activity;sid:84291400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.119.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428299/; classtype:trojan-activity;sid:84291399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.118.86.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428298/; classtype:trojan-activity;sid:84291398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.222.145.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428297/; classtype:trojan-activity;sid:84291397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.114.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428296/; classtype:trojan-activity;sid:84291396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.236.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428295/; classtype:trojan-activity;sid:84291395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.245.216.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428294/; classtype:trojan-activity;sid:84291394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428293)"; flow:established,from_client; content:"GET"; http_method; content:"/reddit"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.75.126.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428293/; classtype:trojan-activity;sid:84291393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.240.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428292/; classtype:trojan-activity;sid:84291392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.178.43.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428291/; classtype:trojan-activity;sid:84291391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.1.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428290/; classtype:trojan-activity;sid:84291390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.74.97.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428289/; classtype:trojan-activity;sid:84291389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428288)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.92.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428288/; classtype:trojan-activity;sid:84291388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428287/; classtype:trojan-activity;sid:84291387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.245.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428286/; classtype:trojan-activity;sid:84291386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.206.45.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428285/; classtype:trojan-activity;sid:84291385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428284/; classtype:trojan-activity;sid:84291384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.170.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428283/; classtype:trojan-activity;sid:84291383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.97.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428282/; classtype:trojan-activity;sid:84291382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.160.170.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428281/; classtype:trojan-activity;sid:84291381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.3.150"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428280/; classtype:trojan-activity;sid:84291380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.206.45.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428279/; classtype:trojan-activity;sid:84291379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.151.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428278/; classtype:trojan-activity;sid:84291378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.162.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428277/; classtype:trojan-activity;sid:84291377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.36.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428276/; classtype:trojan-activity;sid:84291376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.214.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428275/; classtype:trojan-activity;sid:84291375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.80.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428273/; classtype:trojan-activity;sid:84291373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.245.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428274/; classtype:trojan-activity;sid:84291374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.82.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428272/; classtype:trojan-activity;sid:84291372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"199.16.59.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428271/; classtype:trojan-activity;sid:84291371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.87.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428270/; classtype:trojan-activity;sid:84291370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.233.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428269/; classtype:trojan-activity;sid:84291369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.113.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428266/; classtype:trojan-activity;sid:84291366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428267)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.22.160.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428267/; classtype:trojan-activity;sid:84291367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.11.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428268/; classtype:trojan-activity;sid:84291368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428265/; classtype:trojan-activity;sid:84291365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.97.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428264/; classtype:trojan-activity;sid:84291364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.203.72.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428263/; classtype:trojan-activity;sid:84291363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.203.72.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428262/; classtype:trojan-activity;sid:84291362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.3.150"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428261/; classtype:trojan-activity;sid:84291361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.101.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428260/; classtype:trojan-activity;sid:84291360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.83.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428259/; classtype:trojan-activity;sid:84291359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.63.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428258/; classtype:trojan-activity;sid:84291358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.162.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428257/; classtype:trojan-activity;sid:84291357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.93.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428256/; classtype:trojan-activity;sid:84291356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.0.125"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428253/; classtype:trojan-activity;sid:84291353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428254)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.90.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428254/; classtype:trojan-activity;sid:84291354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428255)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.216.92.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428255/; classtype:trojan-activity;sid:84291355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.20.249"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428252/; classtype:trojan-activity;sid:84291352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"199.16.59.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428251/; classtype:trojan-activity;sid:84291351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.224.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428250/; classtype:trojan-activity;sid:84291350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.226.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428249/; classtype:trojan-activity;sid:84291349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.80.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428248/; classtype:trojan-activity;sid:84291348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.176.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428247/; classtype:trojan-activity;sid:84291347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.93.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428246/; classtype:trojan-activity;sid:84291346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.50.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428245/; classtype:trojan-activity;sid:84291345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.160.170.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428244/; classtype:trojan-activity;sid:84291344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.63.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428242/; classtype:trojan-activity;sid:84291342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.226.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428243/; classtype:trojan-activity;sid:84291343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.85.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428241/; classtype:trojan-activity;sid:84291341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.224.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428240/; classtype:trojan-activity;sid:84291340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.38.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428239/; classtype:trojan-activity;sid:84291339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.101.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428238/; classtype:trojan-activity;sid:84291338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428237)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.159.54.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428237/; classtype:trojan-activity;sid:84291337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.73.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428236/; classtype:trojan-activity;sid:84291336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.90.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428235/; classtype:trojan-activity;sid:84291335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.11.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428234/; classtype:trojan-activity;sid:84291334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.10.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428233/; classtype:trojan-activity;sid:84291333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.82.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428232/; classtype:trojan-activity;sid:84291332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.85.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428231/; classtype:trojan-activity;sid:84291331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.101.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428230/; classtype:trojan-activity;sid:84291330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.69.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428229/; classtype:trojan-activity;sid:84291329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.127.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428228/; classtype:trojan-activity;sid:84291328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.38.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428227/; classtype:trojan-activity;sid:84291327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.60.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428226/; classtype:trojan-activity;sid:84291326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.68.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428225/; classtype:trojan-activity;sid:84291325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428224/; classtype:trojan-activity;sid:84291324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.82.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428223/; classtype:trojan-activity;sid:84291323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428222)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.1.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428222/; classtype:trojan-activity;sid:84291322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.12.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428221/; classtype:trojan-activity;sid:84291321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.73.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428220/; classtype:trojan-activity;sid:84291320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.10.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428219/; classtype:trojan-activity;sid:84291319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.2.30.220"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428218/; classtype:trojan-activity;sid:84291318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428217/; classtype:trojan-activity;sid:84291317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.11.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428216/; classtype:trojan-activity;sid:84291316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.101.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428215/; classtype:trojan-activity;sid:84291315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.193.99.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428214/; classtype:trojan-activity;sid:84291314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.82.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428213/; classtype:trojan-activity;sid:84291313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.197.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428212/; classtype:trojan-activity;sid:84291312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.117.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428211/; classtype:trojan-activity;sid:84291311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.134.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428210/; classtype:trojan-activity;sid:84291310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.120.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428209/; classtype:trojan-activity;sid:84291309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.115.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428208/; classtype:trojan-activity;sid:84291308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.86.97.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428207/; classtype:trojan-activity;sid:84291307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.92.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428206/; classtype:trojan-activity;sid:84291306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.168.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428205/; classtype:trojan-activity;sid:84291305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.32.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428203/; classtype:trojan-activity;sid:84291303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.229.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428204/; classtype:trojan-activity;sid:84291304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.90.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428202/; classtype:trojan-activity;sid:84291302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428201)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.53.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428201/; classtype:trojan-activity;sid:84291301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.32.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428200/; classtype:trojan-activity;sid:84291300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.120.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428199/; classtype:trojan-activity;sid:84291299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.169.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428198/; classtype:trojan-activity;sid:84291298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.30.220"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428197/; classtype:trojan-activity;sid:84291297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.192.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428196/; classtype:trojan-activity;sid:84291296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428195/; classtype:trojan-activity;sid:84291295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.225.231.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428194/; classtype:trojan-activity;sid:84291294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.132.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428193/; classtype:trojan-activity;sid:84291293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.167.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428192/; classtype:trojan-activity;sid:84291292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.175.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428191/; classtype:trojan-activity;sid:84291291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.153.216.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428189/; classtype:trojan-activity;sid:84291289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.117.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428190/; classtype:trojan-activity;sid:84291290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.60.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428188/; classtype:trojan-activity;sid:84291288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.40.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428187/; classtype:trojan-activity;sid:84291287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428186/; classtype:trojan-activity;sid:84291286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.97.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428185/; classtype:trojan-activity;sid:84291285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.181.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428184/; classtype:trojan-activity;sid:84291284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.65.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428183/; classtype:trojan-activity;sid:84291283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.198.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428182/; classtype:trojan-activity;sid:84291282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.134.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428181/; classtype:trojan-activity;sid:84291281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.105.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428180/; classtype:trojan-activity;sid:84291280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.35.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428179/; classtype:trojan-activity;sid:84291279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.12.195.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428177/; classtype:trojan-activity;sid:84291277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.197.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428178/; classtype:trojan-activity;sid:84291278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.188.74.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428175/; classtype:trojan-activity;sid:84291275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.181.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428176/; classtype:trojan-activity;sid:84291276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.167.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428174/; classtype:trojan-activity;sid:84291274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.153.216.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428173/; classtype:trojan-activity;sid:84291273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.14.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428172/; classtype:trojan-activity;sid:84291272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.10.1.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428171/; classtype:trojan-activity;sid:84291271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.175.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428170/; classtype:trojan-activity;sid:84291270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428169/; classtype:trojan-activity;sid:84291269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.140.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428168/; classtype:trojan-activity;sid:84291268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.246.37.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428167/; classtype:trojan-activity;sid:84291267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.165.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428166/; classtype:trojan-activity;sid:84291266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.85.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428165/; classtype:trojan-activity;sid:84291265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.187.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428164/; classtype:trojan-activity;sid:84291264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428163)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.26.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428163/; classtype:trojan-activity;sid:84291263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.195.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428162/; classtype:trojan-activity;sid:84291262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.249.168.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428161/; classtype:trojan-activity;sid:84291261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.35.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428158/; classtype:trojan-activity;sid:84291258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.105.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428159/; classtype:trojan-activity;sid:84291259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.85.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428160/; classtype:trojan-activity;sid:84291260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.164.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428156/; classtype:trojan-activity;sid:84291256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.251.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428157/; classtype:trojan-activity;sid:84291257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.23.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428154/; classtype:trojan-activity;sid:84291254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.14.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428155/; classtype:trojan-activity;sid:84291255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.140.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428153/; classtype:trojan-activity;sid:84291253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.28.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428152/; classtype:trojan-activity;sid:84291252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.249.168.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428151/; classtype:trojan-activity;sid:84291251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428150)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.97.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428150/; classtype:trojan-activity;sid:84291250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.165.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428149/; classtype:trojan-activity;sid:84291249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.1.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428148/; classtype:trojan-activity;sid:84291248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.188.74.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428147/; classtype:trojan-activity;sid:84291247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.190.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428145/; classtype:trojan-activity;sid:84291245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428146)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.226.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428146/; classtype:trojan-activity;sid:84291246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428143/; classtype:trojan-activity;sid:84291243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.149.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428144/; classtype:trojan-activity;sid:84291244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.85.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428141/; classtype:trojan-activity;sid:84291241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.28.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428142/; classtype:trojan-activity;sid:84291242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428138)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.159.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428138/; classtype:trojan-activity;sid:84291238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.205.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428139/; classtype:trojan-activity;sid:84291239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.6.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428140/; classtype:trojan-activity;sid:84291240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.227.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428135/; classtype:trojan-activity;sid:84291235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.97.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428136/; classtype:trojan-activity;sid:84291236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.27.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428137/; classtype:trojan-activity;sid:84291237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428134/; classtype:trojan-activity;sid:84291234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.230.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428133/; classtype:trojan-activity;sid:84291233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.212.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428132/; classtype:trojan-activity;sid:84291232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.23.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428131/; classtype:trojan-activity;sid:84291231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.50.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428130/; classtype:trojan-activity;sid:84291230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.116.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428128/; classtype:trojan-activity;sid:84291228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.208.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428129/; classtype:trojan-activity;sid:84291229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.230.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428127/; classtype:trojan-activity;sid:84291227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428126/; classtype:trojan-activity;sid:84291226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.209.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428125/; classtype:trojan-activity;sid:84291225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.27.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428124/; classtype:trojan-activity;sid:84291224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.92.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428122/; classtype:trojan-activity;sid:84291222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.103.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428123/; classtype:trojan-activity;sid:84291223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.156.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428121/; classtype:trojan-activity;sid:84291221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.145.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428120/; classtype:trojan-activity;sid:84291220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.10.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428119/; classtype:trojan-activity;sid:84291219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.149.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428118/; classtype:trojan-activity;sid:84291218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428117)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.107.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428117/; classtype:trojan-activity;sid:84291217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.107.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428116/; classtype:trojan-activity;sid:84291216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.94.193.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428115/; classtype:trojan-activity;sid:84291215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.174.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428114/; classtype:trojan-activity;sid:84291214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428113)"; flow:established,from_client; content:"GET"; http_method; content:"/face/setupqw.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ns2.base01.info"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428113/; classtype:trojan-activity;sid:84291213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428112)"; flow:established,from_client; content:"GET"; http_method; content:"/face/setupqw.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"base01.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428112/; classtype:trojan-activity;sid:84291212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428111)"; flow:established,from_client; content:"GET"; http_method; content:"/face/setupqw.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ns1.base01.info"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428111/; classtype:trojan-activity;sid:84291211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428109)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/document-1002321.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"ns1.base01.info"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428109/; classtype:trojan-activity;sid:84291209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428110)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/document-1002321.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"ns2.base01.info"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428110/; classtype:trojan-activity;sid:84291210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428106)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/document-1002321.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"147.45.37.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428106/; classtype:trojan-activity;sid:84291206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428107)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/document-1002321.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"base01.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428107/; classtype:trojan-activity;sid:84291207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428108)"; flow:established,from_client; content:"GET"; http_method; content:"/face/setupqw.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"147.45.37.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428108/; classtype:trojan-activity;sid:84291208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.6.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428105/; classtype:trojan-activity;sid:84291205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.232.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428104/; classtype:trojan-activity;sid:84291204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.1.76"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428103/; classtype:trojan-activity;sid:84291203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.96.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428102/; classtype:trojan-activity;sid:84291202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428101)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.141.40.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428101/; classtype:trojan-activity;sid:84291201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.47.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428100/; classtype:trojan-activity;sid:84291200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.52.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428099/; classtype:trojan-activity;sid:84291199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428098/; classtype:trojan-activity;sid:84291198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.145.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428097/; classtype:trojan-activity;sid:84291197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428096)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.53.253.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428096/; classtype:trojan-activity;sid:84291196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428093)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"101.168.23.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428093/; classtype:trojan-activity;sid:84291193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428094)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.19.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428094/; classtype:trojan-activity;sid:84291194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428095)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"116.97.65.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428095/; classtype:trojan-activity;sid:84291195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428089)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.187.229.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428089/; classtype:trojan-activity;sid:84291189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428090)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.187.229.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428090/; classtype:trojan-activity;sid:84291190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428091)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.161.170.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428091/; classtype:trojan-activity;sid:84291191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428092)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.161.170.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428092/; classtype:trojan-activity;sid:84291192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428085)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"189.222.105.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428085/; classtype:trojan-activity;sid:84291185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428086)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.253.9.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428086/; classtype:trojan-activity;sid:84291186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428087)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.1.197.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428087/; classtype:trojan-activity;sid:84291187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428088)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.205.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428088/; classtype:trojan-activity;sid:84291188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428081)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.211.173.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428081/; classtype:trojan-activity;sid:84291181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428082)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.44.70.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428082/; classtype:trojan-activity;sid:84291182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428083)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.70.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428083/; classtype:trojan-activity;sid:84291183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428084)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.70.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428084/; classtype:trojan-activity;sid:84291184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.92.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428076/; classtype:trojan-activity;sid:84291176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428077)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.190.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428077/; classtype:trojan-activity;sid:84291177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428078)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.5.240.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428078/; classtype:trojan-activity;sid:84291178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428079)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.175.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428079/; classtype:trojan-activity;sid:84291179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428080)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.186.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428080/; classtype:trojan-activity;sid:84291180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428075)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.189.223.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428075/; classtype:trojan-activity;sid:84291175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428074/; classtype:trojan-activity;sid:84291174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.209.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428073/; classtype:trojan-activity;sid:84291173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.149.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428072/; classtype:trojan-activity;sid:84291172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.208.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428071/; classtype:trojan-activity;sid:84291171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.204.223.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428067/; classtype:trojan-activity;sid:84291167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.235.231.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428068/; classtype:trojan-activity;sid:84291168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.136.24.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428069/; classtype:trojan-activity;sid:84291169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.154.143.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428070/; classtype:trojan-activity;sid:84291170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.237.207.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428062/; classtype:trojan-activity;sid:84291162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.57.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428063/; classtype:trojan-activity;sid:84291163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.251.3.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428064/; classtype:trojan-activity;sid:84291164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.232.158.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428065/; classtype:trojan-activity;sid:84291165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.181.84.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428066/; classtype:trojan-activity;sid:84291166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.123.59.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428058/; classtype:trojan-activity;sid:84291158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.191.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428059/; classtype:trojan-activity;sid:84291159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.27.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428060/; classtype:trojan-activity;sid:84291160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.47.92.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428061/; classtype:trojan-activity;sid:84291161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.221.215.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428052/; classtype:trojan-activity;sid:84291152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.202.15.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428053/; classtype:trojan-activity;sid:84291153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.82.45.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428054/; classtype:trojan-activity;sid:84291154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.72.2.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428055/; classtype:trojan-activity;sid:84291155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.24.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428056/; classtype:trojan-activity;sid:84291156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.109.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428057/; classtype:trojan-activity;sid:84291157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.115.87.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428051/; classtype:trojan-activity;sid:84291151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.13.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428050/; classtype:trojan-activity;sid:84291150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.107.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428049/; classtype:trojan-activity;sid:84291149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.4.59"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428048/; classtype:trojan-activity;sid:84291148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.174.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428047/; classtype:trojan-activity;sid:84291147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.27.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428046/; classtype:trojan-activity;sid:84291146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.194.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428045/; classtype:trojan-activity;sid:84291145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.179.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428044/; classtype:trojan-activity;sid:84291144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.13.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428043/; classtype:trojan-activity;sid:84291143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.188.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428042/; classtype:trojan-activity;sid:84291142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.206.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428041/; classtype:trojan-activity;sid:84291141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.164.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428040/; classtype:trojan-activity;sid:84291140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.174.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428039/; classtype:trojan-activity;sid:84291139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.198.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428038/; classtype:trojan-activity;sid:84291138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.115.87.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428037/; classtype:trojan-activity;sid:84291137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428036/; classtype:trojan-activity;sid:84291136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.250.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428035/; classtype:trojan-activity;sid:84291135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.169.228.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428034/; classtype:trojan-activity;sid:84291134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428032/; classtype:trojan-activity;sid:84291132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.94.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428033/; classtype:trojan-activity;sid:84291133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.27.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428031/; classtype:trojan-activity;sid:84291131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.93.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428030/; classtype:trojan-activity;sid:84291130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.24.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428029/; classtype:trojan-activity;sid:84291129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.141.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428028/; classtype:trojan-activity;sid:84291128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.85.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428027/; classtype:trojan-activity;sid:84291127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.164.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428026/; classtype:trojan-activity;sid:84291126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428025/; classtype:trojan-activity;sid:84291125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.0.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428024/; classtype:trojan-activity;sid:84291124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.169.228.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428023/; classtype:trojan-activity;sid:84291123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.198.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428022/; classtype:trojan-activity;sid:84291122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.250.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428021/; classtype:trojan-activity;sid:84291121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.210.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428020/; classtype:trojan-activity;sid:84291120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.192.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428019/; classtype:trojan-activity;sid:84291119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.244.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428018/; classtype:trojan-activity;sid:84291118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428017)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.151.251.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428017/; classtype:trojan-activity;sid:84291117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.28.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428016/; classtype:trojan-activity;sid:84291116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428015/; classtype:trojan-activity;sid:84291115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428014)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.44.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428014/; classtype:trojan-activity;sid:84291114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.39.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428012/; classtype:trojan-activity;sid:84291112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428013)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.138.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428013/; classtype:trojan-activity;sid:84291113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.164.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428011/; classtype:trojan-activity;sid:84291111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.85.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428010/; classtype:trojan-activity;sid:84291110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.180.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428009/; classtype:trojan-activity;sid:84291109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.141.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428008/; classtype:trojan-activity;sid:84291108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.115.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428007/; classtype:trojan-activity;sid:84291107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.53.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428006/; classtype:trojan-activity;sid:84291106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.9.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428003/; classtype:trojan-activity;sid:84291103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.198.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428004/; classtype:trojan-activity;sid:84291104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.111.17.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428005/; classtype:trojan-activity;sid:84291105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.28.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428002/; classtype:trojan-activity;sid:84291102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.175.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428001/; classtype:trojan-activity;sid:84291101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.244.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428000/; classtype:trojan-activity;sid:84291100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.22.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427999/; classtype:trojan-activity;sid:84291099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.254.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427998/; classtype:trojan-activity;sid:84291098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.159.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427997/; classtype:trojan-activity;sid:84291097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.180.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427996/; classtype:trojan-activity;sid:84291096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.167.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427995/; classtype:trojan-activity;sid:84291095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.80.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427994/; classtype:trojan-activity;sid:84291094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.175.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427993/; classtype:trojan-activity;sid:84291093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.104.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427992/; classtype:trojan-activity;sid:84291092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.26.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427991/; classtype:trojan-activity;sid:84291091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.243.236.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427990/; classtype:trojan-activity;sid:84291090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.59.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427989/; classtype:trojan-activity;sid:84291089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.22.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427988/; classtype:trojan-activity;sid:84291088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.254.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427987/; classtype:trojan-activity;sid:84291087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.14.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427986/; classtype:trojan-activity;sid:84291086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.159.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427985/; classtype:trojan-activity;sid:84291085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.80.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427983/; classtype:trojan-activity;sid:84291083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.235.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427984/; classtype:trojan-activity;sid:84291084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.1.149"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427982/; classtype:trojan-activity;sid:84291082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.53.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427981/; classtype:trojan-activity;sid:84291081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.2.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427980/; classtype:trojan-activity;sid:84291080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.14.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427979/; classtype:trojan-activity;sid:84291079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.125.114.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427978/; classtype:trojan-activity;sid:84291078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.41.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427977/; classtype:trojan-activity;sid:84291077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.235.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427976/; classtype:trojan-activity;sid:84291076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.22.20"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427975/; classtype:trojan-activity;sid:84291075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.228.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427974/; classtype:trojan-activity;sid:84291074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.207.161.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427973/; classtype:trojan-activity;sid:84291073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.2.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427972/; classtype:trojan-activity;sid:84291072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.143.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427971/; classtype:trojan-activity;sid:84291071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427970)"; flow:established,from_client; content:"GET"; http_method; content:"/dfaaaaaaaaaaaa/fffffffffff/raw/a763320c26bab3b02f388769d66b570fef956191/devmi.exe"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427970/; classtype:trojan-activity;sid:84291070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427969)"; flow:established,from_client; content:"GET"; http_method; content:"/dfaaaaaaaaaaaa/fffffffffff/raw/a763320c26bab3b02f388769d66b570fef956191/black.exe"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427969/; classtype:trojan-activity;sid:84291069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427967)"; flow:established,from_client; content:"GET"; http_method; content:"/dfaaaaaaaaaaaa/fffffffffff/raw/a763320c26bab3b02f388769d66b570fef956191/purple.exe"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427967/; classtype:trojan-activity;sid:84291067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427968)"; flow:established,from_client; content:"GET"; http_method; content:"/dfaaaaaaaaaaaa/fffffffffff/raw/a763320c26bab3b02f388769d66b570fef956191/green.exe"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427968/; classtype:trojan-activity;sid:84291068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427966)"; flow:established,from_client; content:"GET"; http_method; content:"/dfaaaaaaaaaaaa/fffffffffff/raw/a763320c26bab3b02f388769d66b570fef956191/yellow.exe"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427966/; classtype:trojan-activity;sid:84291066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.131.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427964/; classtype:trojan-activity;sid:84291064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427965)"; flow:established,from_client; content:"GET"; http_method; content:"/dfaaaaaaaaaaaa/fffffffffff/raw/a763320c26bab3b02f388769d66b570fef956191/cl.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427965/; classtype:trojan-activity;sid:84291065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.25.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427963/; classtype:trojan-activity;sid:84291063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.60.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427962/; classtype:trojan-activity;sid:84291062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.43.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427961/; classtype:trojan-activity;sid:84291061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.39.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427959/; classtype:trojan-activity;sid:84291059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.125.114.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427960/; classtype:trojan-activity;sid:84291060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.231.177.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427958/; classtype:trojan-activity;sid:84291058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.22.20"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427957/; classtype:trojan-activity;sid:84291057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.25.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427956/; classtype:trojan-activity;sid:84291056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.61.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427955/; classtype:trojan-activity;sid:84291055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.60.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427954/; classtype:trojan-activity;sid:84291054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.96.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427953/; classtype:trojan-activity;sid:84291053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.51.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427952/; classtype:trojan-activity;sid:84291052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.204.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427951/; classtype:trojan-activity;sid:84291051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.183.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427950/; classtype:trojan-activity;sid:84291050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.232.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427949/; classtype:trojan-activity;sid:84291049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.79.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427948/; classtype:trojan-activity;sid:84291048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.195.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427947/; classtype:trojan-activity;sid:84291047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427946/; classtype:trojan-activity;sid:84291046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.39.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427945/; classtype:trojan-activity;sid:84291045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.19.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427944/; classtype:trojan-activity;sid:84291044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.109.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427943/; classtype:trojan-activity;sid:84291043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.41.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427942/; classtype:trojan-activity;sid:84291042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.210.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427941/; classtype:trojan-activity;sid:84291041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427940)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.10.22.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427940/; classtype:trojan-activity;sid:84291040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.177.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427939/; classtype:trojan-activity;sid:84291039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.217.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427938/; classtype:trojan-activity;sid:84291038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.22.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427937/; classtype:trojan-activity;sid:84291037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.16.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427936/; classtype:trojan-activity;sid:84291036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.78.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427935/; classtype:trojan-activity;sid:84291035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427934/; classtype:trojan-activity;sid:84291034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427933)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/fbo/fbo/sheisverynicegirllokyetaroudntheglobalgoodnice.hta"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"185.29.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427933/; classtype:trojan-activity;sid:84291033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427932)"; flow:established,from_client; content:"GET"; http_method; content:"/669/wis/betterfeelingwithgoodthingstogivenbestthignsbetterforme.hta"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"217.160.163.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427932/; classtype:trojan-activity;sid:84291032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427931)"; flow:established,from_client; content:"GET"; http_method; content:"/430/nhu/sheisbestforbetterforgoodthingstogetbackbetterthingsforgood.hta"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"104.168.7.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427931/; classtype:trojan-activity;sid:84291031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.6.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427930/; classtype:trojan-activity;sid:84291030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427929)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/kkns/kkn/shemygoodgirlwholovesmebestthignstobegoodforrmes.hta"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"185.29.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427929/; classtype:trojan-activity;sid:84291029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.137.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427928/; classtype:trojan-activity;sid:84291028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.22.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427927/; classtype:trojan-activity;sid:84291027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427926/; classtype:trojan-activity;sid:84291026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.87.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427925/; classtype:trojan-activity;sid:84291025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.36.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427924/; classtype:trojan-activity;sid:84291024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.21.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427923/; classtype:trojan-activity;sid:84291023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427922)"; flow:established,from_client; content:"GET"; http_method; content:"/2025/02/02/10/442058191.png"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www2.0zz0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427922/; classtype:trojan-activity;sid:84291022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.217.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427921/; classtype:trojan-activity;sid:84291021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.146.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427920/; classtype:trojan-activity;sid:84291020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.195.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427919/; classtype:trojan-activity;sid:84291019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.134.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427918/; classtype:trojan-activity;sid:84291018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.67.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427917/; classtype:trojan-activity;sid:84291017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.193.99.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427916/; classtype:trojan-activity;sid:84291016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.6.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427915/; classtype:trojan-activity;sid:84291015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.26.189"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427914/; classtype:trojan-activity;sid:84291014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.137.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427913/; classtype:trojan-activity;sid:84291013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427912/; classtype:trojan-activity;sid:84291012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.247.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427911/; classtype:trojan-activity;sid:84291011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.232.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427910/; classtype:trojan-activity;sid:84291010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.67.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427909/; classtype:trojan-activity;sid:84291009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427908)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.38.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427908/; classtype:trojan-activity;sid:84291008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427907)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.76.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427907/; classtype:trojan-activity;sid:84291007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.111.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427906/; classtype:trojan-activity;sid:84291006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.75.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427904/; classtype:trojan-activity;sid:84291004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.176.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427905/; classtype:trojan-activity;sid:84291005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.235.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427903/; classtype:trojan-activity;sid:84291003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427902)"; flow:established,from_client; content:"GET"; http_method; content:"/setup.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"anizom.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427902/; classtype:trojan-activity;sid:84291002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427901)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.mujf.run"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427901/; classtype:trojan-activity;sid:84291001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.247.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427900/; classtype:trojan-activity;sid:84291000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.134.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427899/; classtype:trojan-activity;sid:84290999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.37.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427898/; classtype:trojan-activity;sid:84290998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.155.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427897/; classtype:trojan-activity;sid:84290997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.130.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427896/; classtype:trojan-activity;sid:84290996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.56.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427895/; classtype:trojan-activity;sid:84290995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.195.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427894/; classtype:trojan-activity;sid:84290994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.250.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427893/; classtype:trojan-activity;sid:84290993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427891)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.134.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427891/; classtype:trojan-activity;sid:84290991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427892)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427892/; classtype:trojan-activity;sid:84290992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427890)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.164.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427890/; classtype:trojan-activity;sid:84290990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.163.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427889/; classtype:trojan-activity;sid:84290989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427888)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.80.58.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427888/; classtype:trojan-activity;sid:84290988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.184.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427884/; classtype:trojan-activity;sid:84290984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427885)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.119.180.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427885/; classtype:trojan-activity;sid:84290985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.87.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427886/; classtype:trojan-activity;sid:84290986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427887)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.243.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427887/; classtype:trojan-activity;sid:84290987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.226.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427882/; classtype:trojan-activity;sid:84290982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.175.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427883/; classtype:trojan-activity;sid:84290983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427881/; classtype:trojan-activity;sid:84290981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.129.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427880/; classtype:trojan-activity;sid:84290980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.37.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427879/; classtype:trojan-activity;sid:84290979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.128.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427878/; classtype:trojan-activity;sid:84290978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.195.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427877/; classtype:trojan-activity;sid:84290977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.182.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427876/; classtype:trojan-activity;sid:84290976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.247.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427875/; classtype:trojan-activity;sid:84290975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.28.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427874/; classtype:trojan-activity;sid:84290974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.61.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427873/; classtype:trojan-activity;sid:84290973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.28.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427872/; classtype:trojan-activity;sid:84290972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.171.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427871/; classtype:trojan-activity;sid:84290971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.67.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427870/; classtype:trojan-activity;sid:84290970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.155.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427869/; classtype:trojan-activity;sid:84290969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.182.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427868/; classtype:trojan-activity;sid:84290968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.116.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427867/; classtype:trojan-activity;sid:84290967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427866)"; flow:established,from_client; content:"GET"; http_method; content:"/deepseek.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"deepsek.cfd"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427866/; classtype:trojan-activity;sid:84290966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427865)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.vusy.run"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427865/; classtype:trojan-activity;sid:84290965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427864)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.xufx.run"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427864/; classtype:trojan-activity;sid:84290964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427863)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.dejh.run"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427863/; classtype:trojan-activity;sid:84290963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.37.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427862/; classtype:trojan-activity;sid:84290962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.92.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427861/; classtype:trojan-activity;sid:84290961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.128.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427860/; classtype:trojan-activity;sid:84290960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.208.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427859/; classtype:trojan-activity;sid:84290959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427858)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.0.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427858/; classtype:trojan-activity;sid:84290958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.67.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427857/; classtype:trojan-activity;sid:84290957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427856/; classtype:trojan-activity;sid:84290956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427855/; classtype:trojan-activity;sid:84290955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427838)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427838/; classtype:trojan-activity;sid:84290938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427839)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427839/; classtype:trojan-activity;sid:84290939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427840)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427840/; classtype:trojan-activity;sid:84290940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427841)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427841/; classtype:trojan-activity;sid:84290941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427842)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427842/; classtype:trojan-activity;sid:84290942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427843)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427843/; classtype:trojan-activity;sid:84290943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427844)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427844/; classtype:trojan-activity;sid:84290944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427845)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427845/; classtype:trojan-activity;sid:84290945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427846)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427846/; classtype:trojan-activity;sid:84290946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427847)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427847/; classtype:trojan-activity;sid:84290947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427848)"; flow:established,from_client; content:"GET"; http_method; content:"/nshppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427848/; classtype:trojan-activity;sid:84290948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427849)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427849/; classtype:trojan-activity;sid:84290949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427850)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427850/; classtype:trojan-activity;sid:84290950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427851)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427851/; classtype:trojan-activity;sid:84290951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427852)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427852/; classtype:trojan-activity;sid:84290952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427853)"; flow:established,from_client; content:"GET"; http_method; content:"/hmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427853/; classtype:trojan-activity;sid:84290953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427854)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427854/; classtype:trojan-activity;sid:84290954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427836)"; flow:established,from_client; content:"GET"; http_method; content:"/nshsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427836/; classtype:trojan-activity;sid:84290936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427837)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427837/; classtype:trojan-activity;sid:84290937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427821)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427821/; classtype:trojan-activity;sid:84290921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427822)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427822/; classtype:trojan-activity;sid:84290922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427823)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427823/; classtype:trojan-activity;sid:84290923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427824)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427824/; classtype:trojan-activity;sid:84290924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427825)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427825/; classtype:trojan-activity;sid:84290925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427826)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427826/; classtype:trojan-activity;sid:84290926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427827)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427827/; classtype:trojan-activity;sid:84290927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427828)"; flow:established,from_client; content:"GET"; http_method; content:"/create.py"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427828/; classtype:trojan-activity;sid:84290928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427829)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427829/; classtype:trojan-activity;sid:84290929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427830)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427830/; classtype:trojan-activity;sid:84290930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427831)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427831/; classtype:trojan-activity;sid:84290931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427832)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427832/; classtype:trojan-activity;sid:84290932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427833)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427833/; classtype:trojan-activity;sid:84290933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427834)"; flow:established,from_client; content:"GET"; http_method; content:"/hmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427834/; classtype:trojan-activity;sid:84290934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427835)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427835/; classtype:trojan-activity;sid:84290935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427817)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427817/; classtype:trojan-activity;sid:84290917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427818)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427818/; classtype:trojan-activity;sid:84290918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427819)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427819/; classtype:trojan-activity;sid:84290919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427820)"; flow:established,from_client; content:"GET"; http_method; content:"/nshppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427820/; classtype:trojan-activity;sid:84290920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427793)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427793/; classtype:trojan-activity;sid:84290893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427794)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427794/; classtype:trojan-activity;sid:84290894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427795)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427795/; classtype:trojan-activity;sid:84290895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427796)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427796/; classtype:trojan-activity;sid:84290896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427797)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427797/; classtype:trojan-activity;sid:84290897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427798)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427798/; classtype:trojan-activity;sid:84290898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427799)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427799/; classtype:trojan-activity;sid:84290899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427800)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427800/; classtype:trojan-activity;sid:84290900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427801)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427801/; classtype:trojan-activity;sid:84290901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427802)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427802/; classtype:trojan-activity;sid:84290902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427803)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427803/; classtype:trojan-activity;sid:84290903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427804)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427804/; classtype:trojan-activity;sid:84290904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427805)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427805/; classtype:trojan-activity;sid:84290905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427806)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427806/; classtype:trojan-activity;sid:84290906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427807)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427807/; classtype:trojan-activity;sid:84290907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427808)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427808/; classtype:trojan-activity;sid:84290908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427809)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427809/; classtype:trojan-activity;sid:84290909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427810)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427810/; classtype:trojan-activity;sid:84290910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427811)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427811/; classtype:trojan-activity;sid:84290911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427812)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427812/; classtype:trojan-activity;sid:84290912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427813)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427813/; classtype:trojan-activity;sid:84290913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427814)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427814/; classtype:trojan-activity;sid:84290914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427815)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427815/; classtype:trojan-activity;sid:84290915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427816)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427816/; classtype:trojan-activity;sid:84290916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427781)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427781/; classtype:trojan-activity;sid:84290881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427782)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427782/; classtype:trojan-activity;sid:84290882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427783)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427783/; classtype:trojan-activity;sid:84290883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427784)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427784/; classtype:trojan-activity;sid:84290884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427785)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427785/; classtype:trojan-activity;sid:84290885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427786)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427786/; classtype:trojan-activity;sid:84290886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427787)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427787/; classtype:trojan-activity;sid:84290887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427788)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427788/; classtype:trojan-activity;sid:84290888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427789)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427789/; classtype:trojan-activity;sid:84290889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427790)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427790/; classtype:trojan-activity;sid:84290890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427791)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427791/; classtype:trojan-activity;sid:84290891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427792)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427792/; classtype:trojan-activity;sid:84290892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427741)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427741/; classtype:trojan-activity;sid:84290841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427742)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427742/; classtype:trojan-activity;sid:84290842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427743)"; flow:established,from_client; content:"GET"; http_method; content:"/mass.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427743/; classtype:trojan-activity;sid:84290843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427744)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427744/; classtype:trojan-activity;sid:84290844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427745)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427745/; classtype:trojan-activity;sid:84290845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427746)"; flow:established,from_client; content:"GET"; http_method; content:"/mass.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427746/; classtype:trojan-activity;sid:84290846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427747)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427747/; classtype:trojan-activity;sid:84290847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427748)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427748/; classtype:trojan-activity;sid:84290848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427749)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427749/; classtype:trojan-activity;sid:84290849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427750)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427750/; classtype:trojan-activity;sid:84290850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427751)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427751/; classtype:trojan-activity;sid:84290851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427752)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427752/; classtype:trojan-activity;sid:84290852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427753)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427753/; classtype:trojan-activity;sid:84290853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427754)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427754/; classtype:trojan-activity;sid:84290854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427755)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427755/; classtype:trojan-activity;sid:84290855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427756)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427756/; classtype:trojan-activity;sid:84290856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427757)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427757/; classtype:trojan-activity;sid:84290857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427758)"; flow:established,from_client; content:"GET"; http_method; content:"/bee"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427758/; classtype:trojan-activity;sid:84290858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427759)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427759/; classtype:trojan-activity;sid:84290859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427760)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427760/; classtype:trojan-activity;sid:84290860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427761)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427761/; classtype:trojan-activity;sid:84290861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427762)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427762/; classtype:trojan-activity;sid:84290862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427763)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427763/; classtype:trojan-activity;sid:84290863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427764)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427764/; classtype:trojan-activity;sid:84290864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427765)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427765/; classtype:trojan-activity;sid:84290865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427766)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427766/; classtype:trojan-activity;sid:84290866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427767)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427767/; classtype:trojan-activity;sid:84290867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427768)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427768/; classtype:trojan-activity;sid:84290868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427769)"; flow:established,from_client; content:"GET"; http_method; content:"/bee"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427769/; classtype:trojan-activity;sid:84290869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427770)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427770/; classtype:trojan-activity;sid:84290870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427771)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427771/; classtype:trojan-activity;sid:84290871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427772)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427772/; classtype:trojan-activity;sid:84290872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427773)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427773/; classtype:trojan-activity;sid:84290873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427774)"; flow:established,from_client; content:"GET"; http_method; content:"/create.py"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427774/; classtype:trojan-activity;sid:84290874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427775)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427775/; classtype:trojan-activity;sid:84290875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427776)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427776/; classtype:trojan-activity;sid:84290876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427777)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427777/; classtype:trojan-activity;sid:84290877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427778)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427778/; classtype:trojan-activity;sid:84290878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427779)"; flow:established,from_client; content:"GET"; http_method; content:"/nshsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427779/; classtype:trojan-activity;sid:84290879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427780)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.188.83.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427780/; classtype:trojan-activity;sid:84290880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.58.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427739/; classtype:trojan-activity;sid:84290839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.74.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427740/; classtype:trojan-activity;sid:84290840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.141.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427737/; classtype:trojan-activity;sid:84290837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.100.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427738/; classtype:trojan-activity;sid:84290838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.95.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427736/; classtype:trojan-activity;sid:84290836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.28.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427735/; classtype:trojan-activity;sid:84290835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.139.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427734/; classtype:trojan-activity;sid:84290834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.5.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427733/; classtype:trojan-activity;sid:84290833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.37.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427732/; classtype:trojan-activity;sid:84290832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.76.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427731/; classtype:trojan-activity;sid:84290831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.204.196.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427730/; classtype:trojan-activity;sid:84290830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.27.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427729/; classtype:trojan-activity;sid:84290829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427728)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/anarchy.sh"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"181.214.58.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427728/; classtype:trojan-activity;sid:84290828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427722)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.mips"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.igxhost.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427722/; classtype:trojan-activity;sid:84290822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427723)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.arm5"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.igxhost.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427723/; classtype:trojan-activity;sid:84290823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427724)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.arm6"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.igxhost.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427724/; classtype:trojan-activity;sid:84290824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427725)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.sh4"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.igxhost.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427725/; classtype:trojan-activity;sid:84290825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427726/; classtype:trojan-activity;sid:84290826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427727)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.spc"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.igxhost.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427727/; classtype:trojan-activity;sid:84290827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427714)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.arm"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.igxhost.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427714/; classtype:trojan-activity;sid:84290814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427715)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.x86"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.igxhost.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427715/; classtype:trojan-activity;sid:84290815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427716)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.arc"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.igxhost.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427716/; classtype:trojan-activity;sid:84290816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427717)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.m68k"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.igxhost.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427717/; classtype:trojan-activity;sid:84290817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427718)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.i686"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.igxhost.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427718/; classtype:trojan-activity;sid:84290818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427719)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.ppc"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.igxhost.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427719/; classtype:trojan-activity;sid:84290819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427720)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.arm7"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.igxhost.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427720/; classtype:trojan-activity;sid:84290820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427721)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.mpsl"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.igxhost.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427721/; classtype:trojan-activity;sid:84290821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.212.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427712/; classtype:trojan-activity;sid:84290812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427713/; classtype:trojan-activity;sid:84290813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.227.7.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427711/; classtype:trojan-activity;sid:84290811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427710)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.32.41.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427710/; classtype:trojan-activity;sid:84290810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.141.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427709/; classtype:trojan-activity;sid:84290809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427703)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.sparc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.32.41.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427703/; classtype:trojan-activity;sid:84290803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427704)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.32.41.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427704/; classtype:trojan-activity;sid:84290804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427705)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.32.41.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427705/; classtype:trojan-activity;sid:84290805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427706)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.i586"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.32.41.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427706/; classtype:trojan-activity;sid:84290806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427707)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.i686"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"212.64.199.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427707/; classtype:trojan-activity;sid:84290807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427708)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.32.41.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427708/; classtype:trojan-activity;sid:84290808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427691)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.m68k"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"212.64.199.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427691/; classtype:trojan-activity;sid:84290791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427692)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.arm6"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"212.64.199.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427692/; classtype:trojan-activity;sid:84290792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427693)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.ppc"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"212.64.199.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427693/; classtype:trojan-activity;sid:84290793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427694)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.arm7"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"212.64.199.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427694/; classtype:trojan-activity;sid:84290794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427695)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.arc"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"212.64.199.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427695/; classtype:trojan-activity;sid:84290795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427696)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.arm5"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"212.64.199.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427696/; classtype:trojan-activity;sid:84290796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427697)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.mpsl"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"212.64.199.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427697/; classtype:trojan-activity;sid:84290797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427698)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.x86"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"212.64.199.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427698/; classtype:trojan-activity;sid:84290798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427699)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.sh4"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"212.64.199.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427699/; classtype:trojan-activity;sid:84290799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427700)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.arm"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"212.64.199.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427700/; classtype:trojan-activity;sid:84290800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427701)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.mips"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"212.64.199.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427701/; classtype:trojan-activity;sid:84290801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427702)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.spc"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"212.64.199.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427702/; classtype:trojan-activity;sid:84290802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.202.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427690/; classtype:trojan-activity;sid:84290790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.58.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427689/; classtype:trojan-activity;sid:84290789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427679)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"157.230.233.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427679/; classtype:trojan-activity;sid:84290779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427680)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"157.230.233.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427680/; classtype:trojan-activity;sid:84290780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427681)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"157.230.233.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427681/; classtype:trojan-activity;sid:84290781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427682)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"157.230.233.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427682/; classtype:trojan-activity;sid:84290782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427683)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.230.233.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427683/; classtype:trojan-activity;sid:84290783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427684)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"157.230.233.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427684/; classtype:trojan-activity;sid:84290784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427685)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"157.230.233.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427685/; classtype:trojan-activity;sid:84290785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427686)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"157.230.233.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427686/; classtype:trojan-activity;sid:84290786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427687)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"157.230.233.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427687/; classtype:trojan-activity;sid:84290787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.173.101.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427688/; classtype:trojan-activity;sid:84290788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427675)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"157.230.233.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427675/; classtype:trojan-activity;sid:84290775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427676)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"157.230.233.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427676/; classtype:trojan-activity;sid:84290776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427677)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.230.233.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427677/; classtype:trojan-activity;sid:84290777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427678)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"157.230.233.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427678/; classtype:trojan-activity;sid:84290778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.217.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427673/; classtype:trojan-activity;sid:84290773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.202.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427674/; classtype:trojan-activity;sid:84290774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.27.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427672/; classtype:trojan-activity;sid:84290772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.5.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427671/; classtype:trojan-activity;sid:84290771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.230.165.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427670/; classtype:trojan-activity;sid:84290770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.74.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427669/; classtype:trojan-activity;sid:84290769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.178.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427668/; classtype:trojan-activity;sid:84290768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.204.196.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427667/; classtype:trojan-activity;sid:84290767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.196.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427666/; classtype:trojan-activity;sid:84290766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.76.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427665/; classtype:trojan-activity;sid:84290765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.235.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427664/; classtype:trojan-activity;sid:84290764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.255.229.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427663/; classtype:trojan-activity;sid:84290763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.196.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427662/; classtype:trojan-activity;sid:84290762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.0.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427661/; classtype:trojan-activity;sid:84290761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.40.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427660/; classtype:trojan-activity;sid:84290760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.253.130.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427659/; classtype:trojan-activity;sid:84290759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.9.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427658/; classtype:trojan-activity;sid:84290758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.9.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427657/; classtype:trojan-activity;sid:84290757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.255.229.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427656/; classtype:trojan-activity;sid:84290756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.231.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427655/; classtype:trojan-activity;sid:84290755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.52.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427654/; classtype:trojan-activity;sid:84290754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.253.130.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427653/; classtype:trojan-activity;sid:84290753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.7.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427652/; classtype:trojan-activity;sid:84290752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.40.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427651/; classtype:trojan-activity;sid:84290751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.5.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427650/; classtype:trojan-activity;sid:84290750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427649)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.226.170.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427649/; classtype:trojan-activity;sid:84290749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.244.176.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427648/; classtype:trojan-activity;sid:84290748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.26.189"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427647/; classtype:trojan-activity;sid:84290747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427646/; classtype:trojan-activity;sid:84290746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.231.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427645/; classtype:trojan-activity;sid:84290745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.3.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427644/; classtype:trojan-activity;sid:84290744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427643)"; flow:established,from_client; content:"GET"; http_method; content:"/where/wget.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"160.22.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427643/; classtype:trojan-activity;sid:84290743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427641)"; flow:established,from_client; content:"GET"; http_method; content:"/where/w.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"160.22.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427641/; classtype:trojan-activity;sid:84290741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427642)"; flow:established,from_client; content:"GET"; http_method; content:"/where/c.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"160.22.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427642/; classtype:trojan-activity;sid:84290742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427640)"; flow:established,from_client; content:"GET"; http_method; content:"/r/nntad24z/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427640/; classtype:trojan-activity;sid:84290740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427639)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/pzxgkayu"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427639/; classtype:trojan-activity;sid:84290739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.252.207.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427638/; classtype:trojan-activity;sid:84290738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.68.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427637/; classtype:trojan-activity;sid:84290737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.67.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427636/; classtype:trojan-activity;sid:84290736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427634)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.vusy.run"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427634/; classtype:trojan-activity;sid:84290734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427635)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.socu.run"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427635/; classtype:trojan-activity;sid:84290735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.169.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427632/; classtype:trojan-activity;sid:84290732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427629)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.tugy.run"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427629/; classtype:trojan-activity;sid:84290729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427630)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.xecy.run"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427630/; classtype:trojan-activity;sid:84290730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427631/; classtype:trojan-activity;sid:84290731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.83.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427628/; classtype:trojan-activity;sid:84290728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.222.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427627/; classtype:trojan-activity;sid:84290727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427626/; classtype:trojan-activity;sid:84290726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427625)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.113.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427625/; classtype:trojan-activity;sid:84290725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.237.155.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427621/; classtype:trojan-activity;sid:84290721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.161.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427622/; classtype:trojan-activity;sid:84290722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.135.17.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427623/; classtype:trojan-activity;sid:84290723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.115.87.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427624/; classtype:trojan-activity;sid:84290724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427620)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.239.220.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427620/; classtype:trojan-activity;sid:84290720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.182.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427619/; classtype:trojan-activity;sid:84290719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.47.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427618/; classtype:trojan-activity;sid:84290718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.187.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427617/; classtype:trojan-activity;sid:84290717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.252.207.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427616/; classtype:trojan-activity;sid:84290716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.95.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427615/; classtype:trojan-activity;sid:84290715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.135.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427614/; classtype:trojan-activity;sid:84290714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.222.145.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427613/; classtype:trojan-activity;sid:84290713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.166.36.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427612/; classtype:trojan-activity;sid:84290712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.113.132.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427611/; classtype:trojan-activity;sid:84290711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.47.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427610/; classtype:trojan-activity;sid:84290710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.43.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427608/; classtype:trojan-activity;sid:84290708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.153.201.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427609/; classtype:trojan-activity;sid:84290709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.95.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427607/; classtype:trojan-activity;sid:84290707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.100.247.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427606/; classtype:trojan-activity;sid:84290706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.153.142.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427604/; classtype:trojan-activity;sid:84290704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.184.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427605/; classtype:trojan-activity;sid:84290705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.180.141.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427603/; classtype:trojan-activity;sid:84290703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.135.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427602/; classtype:trojan-activity;sid:84290702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.65.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427601/; classtype:trojan-activity;sid:84290701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.113.132.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427600/; classtype:trojan-activity;sid:84290700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.166.36.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427599/; classtype:trojan-activity;sid:84290699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.83.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427598/; classtype:trojan-activity;sid:84290698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.72.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427597/; classtype:trojan-activity;sid:84290697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.215.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427596/; classtype:trojan-activity;sid:84290696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.180.141.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427595/; classtype:trojan-activity;sid:84290695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.67.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427594/; classtype:trojan-activity;sid:84290694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.65.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427593/; classtype:trojan-activity;sid:84290693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.187.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427592/; classtype:trojan-activity;sid:84290692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427591/; classtype:trojan-activity;sid:84290691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.95.196.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427590/; classtype:trojan-activity;sid:84290690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.113.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427589/; classtype:trojan-activity;sid:84290689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427588)"; flow:established,from_client; content:"GET"; http_method; content:"/lazanya/kabonga/downloads/invoice.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427588/; classtype:trojan-activity;sid:84290688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427587)"; flow:established,from_client; content:"GET"; http_method; content:"/lazanya/jon/downloads/invoice.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427587/; classtype:trojan-activity;sid:84290687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427586)"; flow:established,from_client; content:"GET"; http_method; content:"/stools/files/downloads/_ovvtlvn.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427586/; classtype:trojan-activity;sid:84290686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427585)"; flow:established,from_client; content:"GET"; http_method; content:"/stools/files/downloads/muikfjd.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427585/; classtype:trojan-activity;sid:84290685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.215.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427583/; classtype:trojan-activity;sid:84290683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427584)"; flow:established,from_client; content:"GET"; http_method; content:"/stools/files/downloads/proxifier.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427584/; classtype:trojan-activity;sid:84290684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427582)"; flow:established,from_client; content:"GET"; http_method; content:"/stools/files/downloads/ffcr.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427582/; classtype:trojan-activity;sid:84290682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.48.28.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427581/; classtype:trojan-activity;sid:84290681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427580)"; flow:established,from_client; content:"GET"; http_method; content:"/serverenvio.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"pfwpifjwifksdfwjrfojnefoksorf5.duckdns.org"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427580/; classtype:trojan-activity;sid:84290680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427577)"; flow:established,from_client; content:"GET"; http_method; content:"/soporte_de_pagocamscanner030225.vbs"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"pfwpifjwifksdfwjrfojnefoksorf5.duckdns.org"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427577/; classtype:trojan-activity;sid:84290677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427578)"; flow:established,from_client; content:"GET"; http_method; content:"/soporte_de_pagocamscanner030225.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"pfwpifjwifksdfwjrfojnefoksorf5.duckdns.org"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427578/; classtype:trojan-activity;sid:84290678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427579)"; flow:established,from_client; content:"GET"; http_method; content:"/soporte_de_pagoscanner2504factura.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"pfwpifjwifksdfwjrfojnefoksorf5.duckdns.org"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427579/; classtype:trojan-activity;sid:84290679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.151.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427576/; classtype:trojan-activity;sid:84290676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.14.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427575/; classtype:trojan-activity;sid:84290675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.255.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427574/; classtype:trojan-activity;sid:84290674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"73.106.212.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427573/; classtype:trojan-activity;sid:84290673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.68.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427572/; classtype:trojan-activity;sid:84290672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.255.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427571/; classtype:trojan-activity;sid:84290671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.159.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427570/; classtype:trojan-activity;sid:84290670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.79.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427569/; classtype:trojan-activity;sid:84290669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.149.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427568/; classtype:trojan-activity;sid:84290668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.59.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427567/; classtype:trojan-activity;sid:84290667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.91.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427566/; classtype:trojan-activity;sid:84290666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.23.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427565/; classtype:trojan-activity;sid:84290665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.149.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427564/; classtype:trojan-activity;sid:84290664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.106.212.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427562/; classtype:trojan-activity;sid:84290662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427563)"; flow:established,from_client; content:"GET"; http_method; content:"/mqu9s56iy8wr6jzh"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"recepchtav3.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427563/; classtype:trojan-activity;sid:84290663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.255.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427561/; classtype:trojan-activity;sid:84290661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427560)"; flow:established,from_client; content:"GET"; http_method; content:"/9mcjid5wrd79liuk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"recepchtav3.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427560/; classtype:trojan-activity;sid:84290660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427559/; classtype:trojan-activity;sid:84290659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.106.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427557/; classtype:trojan-activity;sid:84290657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427558)"; flow:established,from_client; content:"GET"; http_method; content:"/pdb5574eyoidknvh"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"recepchtav3.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427558/; classtype:trojan-activity;sid:84290658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.98.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427556/; classtype:trojan-activity;sid:84290656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.24.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427554/; classtype:trojan-activity;sid:84290654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.48.28.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427555/; classtype:trojan-activity;sid:84290655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.85.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427553/; classtype:trojan-activity;sid:84290653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.23.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427552/; classtype:trojan-activity;sid:84290652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.25.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427551/; classtype:trojan-activity;sid:84290651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.83.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427550/; classtype:trojan-activity;sid:84290650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.12.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427549/; classtype:trojan-activity;sid:84290649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.224.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427548/; classtype:trojan-activity;sid:84290648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.26.233.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427547/; classtype:trojan-activity;sid:84290647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.251.176.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427546/; classtype:trojan-activity;sid:84290646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.183.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427545/; classtype:trojan-activity;sid:84290645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427544)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.pesa.run"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427544/; classtype:trojan-activity;sid:84290644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.222.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427543/; classtype:trojan-activity;sid:84290643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.156.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427542/; classtype:trojan-activity;sid:84290642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.180.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427541/; classtype:trojan-activity;sid:84290641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.122.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427540/; classtype:trojan-activity;sid:84290640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.4.59"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427539/; classtype:trojan-activity;sid:84290639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.75.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427538/; classtype:trojan-activity;sid:84290638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.30.110.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427537/; classtype:trojan-activity;sid:84290637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.174.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427536/; classtype:trojan-activity;sid:84290636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.25.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427535/; classtype:trojan-activity;sid:84290635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.104.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427534/; classtype:trojan-activity;sid:84290634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.183.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427533/; classtype:trojan-activity;sid:84290633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.169.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427532/; classtype:trojan-activity;sid:84290632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.233.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427531/; classtype:trojan-activity;sid:84290631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.128.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427530/; classtype:trojan-activity;sid:84290630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.135.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427529/; classtype:trojan-activity;sid:84290629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427528)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.180.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427528/; classtype:trojan-activity;sid:84290628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.32.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427527/; classtype:trojan-activity;sid:84290627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427520)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.3.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427520/; classtype:trojan-activity;sid:84290620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427521)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.101.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427521/; classtype:trojan-activity;sid:84290621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427522/; classtype:trojan-activity;sid:84290622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.22.160.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427523/; classtype:trojan-activity;sid:84290623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427524)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.175.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427524/; classtype:trojan-activity;sid:84290624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427525/; classtype:trojan-activity;sid:84290625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427526)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"172.32.123.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427526/; classtype:trojan-activity;sid:84290626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.174.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427519/; classtype:trojan-activity;sid:84290619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427517)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.25.237.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427517/; classtype:trojan-activity;sid:84290617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.7.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427518/; classtype:trojan-activity;sid:84290618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427516)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427516/; classtype:trojan-activity;sid:84290616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.169.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427515/; classtype:trojan-activity;sid:84290615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.167.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427514/; classtype:trojan-activity;sid:84290614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.95.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427513/; classtype:trojan-activity;sid:84290613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.104.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427512/; classtype:trojan-activity;sid:84290612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.240.205.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427511/; classtype:trojan-activity;sid:84290611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.231.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427510/; classtype:trojan-activity;sid:84290610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.84.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427509/; classtype:trojan-activity;sid:84290609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.97.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427508/; classtype:trojan-activity;sid:84290608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.227.183.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427507/; classtype:trojan-activity;sid:84290607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.171.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427506/; classtype:trojan-activity;sid:84290606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.173.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427505/; classtype:trojan-activity;sid:84290605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.173.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427504/; classtype:trojan-activity;sid:84290604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.240.205.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427503/; classtype:trojan-activity;sid:84290603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.197.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427502/; classtype:trojan-activity;sid:84290602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.7.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427501/; classtype:trojan-activity;sid:84290601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.146.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427500/; classtype:trojan-activity;sid:84290600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.75.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427499/; classtype:trojan-activity;sid:84290599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.84.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427496/; classtype:trojan-activity;sid:84290596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.172.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427497/; classtype:trojan-activity;sid:84290597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.219.17.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427498/; classtype:trojan-activity;sid:84290598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.77.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427495/; classtype:trojan-activity;sid:84290595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.196.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427494/; classtype:trojan-activity;sid:84290594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427493)"; flow:established,from_client; content:"GET"; http_method; content:"/e7f2-4033-awjxs.captcha"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bitlunch.smogturfprance.shop"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427493/; classtype:trojan-activity;sid:84290593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.215.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427492/; classtype:trojan-activity;sid:84290592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.171.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427490/; classtype:trojan-activity;sid:84290590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.183.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427491/; classtype:trojan-activity;sid:84290591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.61.231.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427489/; classtype:trojan-activity;sid:84290589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.146.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427488/; classtype:trojan-activity;sid:84290588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.211.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427487/; classtype:trojan-activity;sid:84290587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427486)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"23.158.56.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427486/; classtype:trojan-activity;sid:84290586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.28.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427485/; classtype:trojan-activity;sid:84290585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.187.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427484/; classtype:trojan-activity;sid:84290584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427482)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.231.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427482/; classtype:trojan-activity;sid:84290582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.9.106.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427483/; classtype:trojan-activity;sid:84290583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.84.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427481/; classtype:trojan-activity;sid:84290581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.249.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427479/; classtype:trojan-activity;sid:84290579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.196.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427480/; classtype:trojan-activity;sid:84290580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.61.29.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427478/; classtype:trojan-activity;sid:84290578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427477/; classtype:trojan-activity;sid:84290577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427476)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.221.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427476/; classtype:trojan-activity;sid:84290576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.211.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427475/; classtype:trojan-activity;sid:84290575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.89.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427474/; classtype:trojan-activity;sid:84290574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.13.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427473/; classtype:trojan-activity;sid:84290573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.84.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427472/; classtype:trojan-activity;sid:84290572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.249.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427471/; classtype:trojan-activity;sid:84290571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427470/; classtype:trojan-activity;sid:84290570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.149.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427469/; classtype:trojan-activity;sid:84290569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427467/; classtype:trojan-activity;sid:84290567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.9.106.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427468/; classtype:trojan-activity;sid:84290568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.22.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427466/; classtype:trojan-activity;sid:84290566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.237.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427465/; classtype:trojan-activity;sid:84290565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.61.29.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427464/; classtype:trojan-activity;sid:84290564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.81.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427463/; classtype:trojan-activity;sid:84290563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.13.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427462/; classtype:trojan-activity;sid:84290562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.43.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427461/; classtype:trojan-activity;sid:84290561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.172.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427460/; classtype:trojan-activity;sid:84290560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.128.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427459/; classtype:trojan-activity;sid:84290559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.25.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427458/; classtype:trojan-activity;sid:84290558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.5.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427457/; classtype:trojan-activity;sid:84290557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.7.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427456/; classtype:trojan-activity;sid:84290556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.192.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427455/; classtype:trojan-activity;sid:84290555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.121.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427454/; classtype:trojan-activity;sid:84290554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.22.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427453/; classtype:trojan-activity;sid:84290553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.91.113.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427452/; classtype:trojan-activity;sid:84290552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.231.178.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427451/; classtype:trojan-activity;sid:84290551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.43.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427450/; classtype:trojan-activity;sid:84290550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.237.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427449/; classtype:trojan-activity;sid:84290549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.5.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427448/; classtype:trojan-activity;sid:84290548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.25.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427447/; classtype:trojan-activity;sid:84290547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.190.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427446/; classtype:trojan-activity;sid:84290546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.133.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427445/; classtype:trojan-activity;sid:84290545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.9.119"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427444/; classtype:trojan-activity;sid:84290544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.83.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427443/; classtype:trojan-activity;sid:84290543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427442/; classtype:trojan-activity;sid:84290542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427441)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.118.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427441/; classtype:trojan-activity;sid:84290541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.209.201.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427440/; classtype:trojan-activity;sid:84290540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.84.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427439/; classtype:trojan-activity;sid:84290539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.85.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427438/; classtype:trojan-activity;sid:84290538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.9.119"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427437/; classtype:trojan-activity;sid:84290537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.214.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427436/; classtype:trojan-activity;sid:84290536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.173.101.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427432/; classtype:trojan-activity;sid:84290532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427433)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.48.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427433/; classtype:trojan-activity;sid:84290533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427434)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.vyzu.digital"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427434/; classtype:trojan-activity;sid:84290534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427435)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"140.237.7.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427435/; classtype:trojan-activity;sid:84290535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.106.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427431/; classtype:trojan-activity;sid:84290531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427430)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.reqy.digital"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427430/; classtype:trojan-activity;sid:84290530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.91.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427429/; classtype:trojan-activity;sid:84290529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.251.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427428/; classtype:trojan-activity;sid:84290528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.2.204"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427427/; classtype:trojan-activity;sid:84290527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.209.201.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427426/; classtype:trojan-activity;sid:84290526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.153.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427425/; classtype:trojan-activity;sid:84290525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427424)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.14.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427424/; classtype:trojan-activity;sid:84290524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427423)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.140.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427423/; classtype:trojan-activity;sid:84290523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.211.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427421/; classtype:trojan-activity;sid:84290521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427422)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427422/; classtype:trojan-activity;sid:84290522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427420/; classtype:trojan-activity;sid:84290520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.205.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427419/; classtype:trojan-activity;sid:84290519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.12.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427418/; classtype:trojan-activity;sid:84290518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.182.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427415/; classtype:trojan-activity;sid:84290515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.85.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427416/; classtype:trojan-activity;sid:84290516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427417)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.143.219.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427417/; classtype:trojan-activity;sid:84290517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.223.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427414/; classtype:trojan-activity;sid:84290514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.168.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427413/; classtype:trojan-activity;sid:84290513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.218.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427412/; classtype:trojan-activity;sid:84290512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.158.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427411/; classtype:trojan-activity;sid:84290511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.91.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427410/; classtype:trojan-activity;sid:84290510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427409/; classtype:trojan-activity;sid:84290509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.2.204"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427408/; classtype:trojan-activity;sid:84290508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.59.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427407/; classtype:trojan-activity;sid:84290507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.32.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427406/; classtype:trojan-activity;sid:84290506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427404)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.143.171.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427404/; classtype:trojan-activity;sid:84290504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.121.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427405/; classtype:trojan-activity;sid:84290505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.87.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427403/; classtype:trojan-activity;sid:84290503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.51.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427402/; classtype:trojan-activity;sid:84290502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.51.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427401/; classtype:trojan-activity;sid:84290501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.247.82.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427400/; classtype:trojan-activity;sid:84290500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.17.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427399/; classtype:trojan-activity;sid:84290499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427397)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.zera.bet"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427397/; classtype:trojan-activity;sid:84290497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427398)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.wuga.bet"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427398/; classtype:trojan-activity;sid:84290498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427396)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.fola.bet"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427396/; classtype:trojan-activity;sid:84290496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.106.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427395/; classtype:trojan-activity;sid:84290495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427394)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.149.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427394/; classtype:trojan-activity;sid:84290494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.169.234.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427393/; classtype:trojan-activity;sid:84290493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.18.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427392/; classtype:trojan-activity;sid:84290492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.188.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427391/; classtype:trojan-activity;sid:84290491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427389)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.39.19.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427389/; classtype:trojan-activity;sid:84290489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.157.73.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427390/; classtype:trojan-activity;sid:84290490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.103.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427387/; classtype:trojan-activity;sid:84290487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.38.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427388/; classtype:trojan-activity;sid:84290488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.247.82.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427386/; classtype:trojan-activity;sid:84290486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.47.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427385/; classtype:trojan-activity;sid:84290485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.234.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427384/; classtype:trojan-activity;sid:84290484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.247.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427383/; classtype:trojan-activity;sid:84290483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.103.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427382/; classtype:trojan-activity;sid:84290482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.19.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427381/; classtype:trojan-activity;sid:84290481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.9.67.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427380/; classtype:trojan-activity;sid:84290480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.52.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427379/; classtype:trojan-activity;sid:84290479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.82.183.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427378/; classtype:trojan-activity;sid:84290478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.237.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427377/; classtype:trojan-activity;sid:84290477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.18.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427376/; classtype:trojan-activity;sid:84290476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.81.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427375/; classtype:trojan-activity;sid:84290475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.153.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427374/; classtype:trojan-activity;sid:84290474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.25.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427373/; classtype:trojan-activity;sid:84290473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.188.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427372/; classtype:trojan-activity;sid:84290472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.34.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427371/; classtype:trojan-activity;sid:84290471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427370)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.85.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427370/; classtype:trojan-activity;sid:84290470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.52.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427369/; classtype:trojan-activity;sid:84290469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.239.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427368/; classtype:trojan-activity;sid:84290468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.237.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427367/; classtype:trojan-activity;sid:84290467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.36.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427366/; classtype:trojan-activity;sid:84290466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427365)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.qoze.bet"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427365/; classtype:trojan-activity;sid:84290465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427364)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.qace.bet"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427364/; classtype:trojan-activity;sid:84290464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.113.176.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427362/; classtype:trojan-activity;sid:84290462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427363)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.182.78.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427363/; classtype:trojan-activity;sid:84290463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427361)"; flow:established,from_client; content:"GET"; http_method; content:"/n9x0ep0mfr1km7je"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"recepchtav3.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427361/; classtype:trojan-activity;sid:84290461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.34.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427360/; classtype:trojan-activity;sid:84290460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427359)"; flow:established,from_client; content:"GET"; http_method; content:"/8039abe11e59d5c4b1e3405619ca6bd8.xll"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"nemoc.kliplygah.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427359/; classtype:trojan-activity;sid:84290459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427358)"; flow:established,from_client; content:"GET"; http_method; content:"/8qfpfgniw6ncbtse"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"recepchtav3.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427358/; classtype:trojan-activity;sid:84290458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.75.37.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427357/; classtype:trojan-activity;sid:84290457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.91.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427356/; classtype:trojan-activity;sid:84290456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.157.73.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427355/; classtype:trojan-activity;sid:84290455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.238.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427354/; classtype:trojan-activity;sid:84290454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.47.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427353/; classtype:trojan-activity;sid:84290453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.193.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427352/; classtype:trojan-activity;sid:84290452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.196.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427351/; classtype:trojan-activity;sid:84290451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427350)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.224.0.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427350/; classtype:trojan-activity;sid:84290450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427345)"; flow:established,from_client; content:"GET"; http_method; content:"/res.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"79.124.60.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427345/; classtype:trojan-activity;sid:84290445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427346)"; flow:established,from_client; content:"GET"; http_method; content:"/res.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"79.124.60.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427346/; classtype:trojan-activity;sid:84290446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427347)"; flow:established,from_client; content:"GET"; http_method; content:"/res.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.124.60.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427347/; classtype:trojan-activity;sid:84290447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427348)"; flow:established,from_client; content:"GET"; http_method; content:"/res.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"79.124.60.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427348/; classtype:trojan-activity;sid:84290448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427349)"; flow:established,from_client; content:"GET"; http_method; content:"/res.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.124.60.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427349/; classtype:trojan-activity;sid:84290449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427339)"; flow:established,from_client; content:"GET"; http_method; content:"/res.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.124.60.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427339/; classtype:trojan-activity;sid:84290439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427340)"; flow:established,from_client; content:"GET"; http_method; content:"/res.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.124.60.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427340/; classtype:trojan-activity;sid:84290440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427341)"; flow:established,from_client; content:"GET"; http_method; content:"/res.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.124.60.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427341/; classtype:trojan-activity;sid:84290441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427342)"; flow:established,from_client; content:"GET"; http_method; content:"/res.arc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"79.124.60.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427342/; classtype:trojan-activity;sid:84290442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427343)"; flow:established,from_client; content:"GET"; http_method; content:"/res.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.124.60.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427343/; classtype:trojan-activity;sid:84290443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427344)"; flow:established,from_client; content:"GET"; http_method; content:"/res.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"79.124.60.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427344/; classtype:trojan-activity;sid:84290444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427336)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.167.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427336/; classtype:trojan-activity;sid:84290436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427337)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.167.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427337/; classtype:trojan-activity;sid:84290437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427338)"; flow:established,from_client; content:"GET"; http_method; content:"/d/arc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427338/; classtype:trojan-activity;sid:84290438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427335)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427335/; classtype:trojan-activity;sid:84290435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427334)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.53.2.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427334/; classtype:trojan-activity;sid:84290434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.11.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427333/; classtype:trojan-activity;sid:84290433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427332)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.53.2.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427332/; classtype:trojan-activity;sid:84290432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.121.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427331/; classtype:trojan-activity;sid:84290431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.29.46.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427330/; classtype:trojan-activity;sid:84290430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.107.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427329/; classtype:trojan-activity;sid:84290429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.210.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427328/; classtype:trojan-activity;sid:84290428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.200.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427327/; classtype:trojan-activity;sid:84290427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.125.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427326/; classtype:trojan-activity;sid:84290426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.65.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427324/; classtype:trojan-activity;sid:84290424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.80.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427325/; classtype:trojan-activity;sid:84290425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.146.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427323/; classtype:trojan-activity;sid:84290423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.89.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427322/; classtype:trojan-activity;sid:84290422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.193.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427321/; classtype:trojan-activity;sid:84290421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427320)"; flow:established,from_client; content:"GET"; http_method; content:"/wb6x8o.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427320/; classtype:trojan-activity;sid:84290420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427319)"; flow:established,from_client; content:"GET"; http_method; content:"/document/2019/12/05/13/x21-1575525820.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"attachment.vnecdn.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427319/; classtype:trojan-activity;sid:84290419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427318)"; flow:established,from_client; content:"GET"; http_method; content:"/exacag.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"13.48.129.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427318/; classtype:trojan-activity;sid:84290418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427316)"; flow:established,from_client; content:"GET"; http_method; content:"/bublegumle/hyh/raw/master/server.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427316/; classtype:trojan-activity;sid:84290416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427317)"; flow:established,from_client; content:"GET"; http_method; content:"/temperloin/piponis/refs/heads/main/cjrimgid.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427317/; classtype:trojan-activity;sid:84290417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427313)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/blader-4f96f.appspot.com/o/rem251.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427313/; classtype:trojan-activity;sid:84290413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427314)"; flow:established,from_client; content:"GET"; http_method; content:"/topg6565767677/discord/raw/refs/heads/main/discord.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427314/; classtype:trojan-activity;sid:84290414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427312)"; flow:established,from_client; content:"GET"; http_method; content:"/honkshefter/sundshefter/raw/refs/heads/main/winx32.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427312/; classtype:trojan-activity;sid:84290412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427309)"; flow:established,from_client; content:"GET"; http_method; content:"/past.hta"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"myfileview1.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427309/; classtype:trojan-activity;sid:84290409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427310)"; flow:established,from_client; content:"GET"; http_method; content:"/honkshefter/sundshefter/refs/heads/main/winx32.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427310/; classtype:trojan-activity;sid:84290410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427311)"; flow:established,from_client; content:"GET"; http_method; content:"/acfy/cpdb/main/cpdb.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427311/; classtype:trojan-activity;sid:84290411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427306)"; flow:established,from_client; content:"GET"; http_method; content:"/b7ab390145deb291/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"5.75.155.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427306/; classtype:trojan-activity;sid:84290406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427307)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"94.142.138.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427307/; classtype:trojan-activity;sid:84290407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427308)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/nube-f5f04.appspot.com/o/ansy.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427308/; classtype:trojan-activity;sid:84290408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427305)"; flow:established,from_client; content:"GET"; http_method; content:"/tuesdayyxxxxxsiscoppppppppp.txt"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"metalofhonorrrr.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427305/; classtype:trojan-activity;sid:84290405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427303)"; flow:established,from_client; content:"GET"; http_method; content:"/putitongod.cmd"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"captcha214.pages.dev"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427303/; classtype:trojan-activity;sid:84290403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427304)"; flow:established,from_client; content:"GET"; http_method; content:"/install/k5e3n1tk6ox8"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"rdmfile.eu"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427304/; classtype:trojan-activity;sid:84290404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427301)"; flow:established,from_client; content:"GET"; http_method; content:"/2/15.ps1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"yogasitesdev.wpengine.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427301/; classtype:trojan-activity;sid:84290401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427300)"; flow:established,from_client; content:"GET"; http_method; content:"/base64.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.212.166.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427300/; classtype:trojan-activity;sid:84290400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427294)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/envs/dr1.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427294/; classtype:trojan-activity;sid:84290394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427295)"; flow:established,from_client; content:"GET"; http_method; content:"/recaptcha-verify"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"portaal.com.my"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427295/; classtype:trojan-activity;sid:84290395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427296)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/envs/dz.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427296/; classtype:trojan-activity;sid:84290396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427297)"; flow:established,from_client; content:"GET"; http_method; content:"/tuesdayyxxxxxsiscoppppppppp.txt"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"192.3.95.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427297/; classtype:trojan-activity;sid:84290397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427298)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/qj.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427298/; classtype:trojan-activity;sid:84290398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427299)"; flow:established,from_client; content:"GET"; http_method; content:"/a.cmd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"lnk1man.pages.dev"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427299/; classtype:trojan-activity;sid:84290399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427279)"; flow:established,from_client; content:"GET"; http_method; content:"/recaptcha-verify"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"captcha.nxgengames.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427279/; classtype:trojan-activity;sid:84290379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427280)"; flow:established,from_client; content:"GET"; http_method; content:"/recaptcha-verify"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"cloudbeam.openm.ist"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427280/; classtype:trojan-activity;sid:84290380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.114.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427281/; classtype:trojan-activity;sid:84290381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427282)"; flow:established,from_client; content:"GET"; http_method; content:"/45d8c6e0/files/uploaded/32.ps1"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"irp.cdn-website.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427282/; classtype:trojan-activity;sid:84290382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427283)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/fbn/mini/nicetomeetyoulittleheartsweetheartsheisbeautifulgirl.hta"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"198.23.187.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427283/; classtype:trojan-activity;sid:84290383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427284)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/raw/main/discord2.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427284/; classtype:trojan-activity;sid:84290384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427285)"; flow:established,from_client; content:"GET"; http_method; content:"/recaptcha-verify"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hasll.com.my"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427285/; classtype:trojan-activity;sid:84290385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427286)"; flow:established,from_client; content:"GET"; http_method; content:"/selfreps/telnet.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.241.65.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427286/; classtype:trojan-activity;sid:84290386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427287)"; flow:established,from_client; content:"GET"; http_method; content:"/andresberejno/aaaaaaa/raw/refs/heads/main/file.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427287/; classtype:trojan-activity;sid:84290387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427288)"; flow:established,from_client; content:"GET"; http_method; content:"/2/18.ps1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"nuobn.wpenginepowered.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427288/; classtype:trojan-activity;sid:84290388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427289)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/laser.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427289/; classtype:trojan-activity;sid:84290389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427290)"; flow:established,from_client; content:"GET"; http_method; content:"/recaptcha-verif"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"l1nxx.para.rip"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427290/; classtype:trojan-activity;sid:84290390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427291)"; flow:established,from_client; content:"GET"; http_method; content:"/hu.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"79.124.60.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427291/; classtype:trojan-activity;sid:84290391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427292)"; flow:established,from_client; content:"GET"; http_method; content:"/roli.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rolimonss.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427292/; classtype:trojan-activity;sid:84290392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427293)"; flow:established,from_client; content:"GET"; http_method; content:"/belyy-git/karahook/raw/master/chsztdjvl.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427293/; classtype:trojan-activity;sid:84290393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427278)"; flow:established,from_client; content:"GET"; http_method; content:"/selfreps/telnet.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.241.65.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427278/; classtype:trojan-activity;sid:84290378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427272)"; flow:established,from_client; content:"GET"; http_method; content:"/selfreps/telnet.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.241.65.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427272/; classtype:trojan-activity;sid:84290372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427273)"; flow:established,from_client; content:"GET"; http_method; content:"/selfreps/telnet.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.241.65.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427273/; classtype:trojan-activity;sid:84290373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427274)"; flow:established,from_client; content:"GET"; http_method; content:"/selfreps/telnet.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.241.65.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427274/; classtype:trojan-activity;sid:84290374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427275)"; flow:established,from_client; content:"GET"; http_method; content:"/selfreps/telnet.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.241.65.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427275/; classtype:trojan-activity;sid:84290375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427276)"; flow:established,from_client; content:"GET"; http_method; content:"/selfreps/telnet.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.241.65.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427276/; classtype:trojan-activity;sid:84290376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427277)"; flow:established,from_client; content:"GET"; http_method; content:"/selfreps/telnet.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.241.65.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427277/; classtype:trojan-activity;sid:84290377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427270)"; flow:established,from_client; content:"GET"; http_method; content:"/selfreps/telnet.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.241.65.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427270/; classtype:trojan-activity;sid:84290370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427271)"; flow:established,from_client; content:"GET"; http_method; content:"/selfreps/telnet.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.241.65.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427271/; classtype:trojan-activity;sid:84290371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.138.12.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427266/; classtype:trojan-activity;sid:84290366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427267)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.251.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427267/; classtype:trojan-activity;sid:84290367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.251.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427268/; classtype:trojan-activity;sid:84290368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.12.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427269/; classtype:trojan-activity;sid:84290369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.60.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427264/; classtype:trojan-activity;sid:84290364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.88.119.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427265/; classtype:trojan-activity;sid:84290365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.250.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427263/; classtype:trojan-activity;sid:84290363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427259)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ckutz_jzjkgt7qonzgj2xk24zgk60vh6"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427259/; classtype:trojan-activity;sid:84290359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.31.228.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427260/; classtype:trojan-activity;sid:84290360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427261)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1lxxystwhkws8kvzm8b6o7sxcdttnjanq|7c|26|7c|export=download|7c|26|7c|authuser=0"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427261/; classtype:trojan-activity;sid:84290361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.136.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427262/; classtype:trojan-activity;sid:84290362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427256)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.235.192.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427256/; classtype:trojan-activity;sid:84290356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427257)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zrvlatucwed3drv-uw7a6p9xyu8uonvg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427257/; classtype:trojan-activity;sid:84290357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427258)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1ubbdbdv1yyho82earju6i7hn-tomwicz|7c|26|7c|export=download|7c|26|7c|authuser=0"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427258/; classtype:trojan-activity;sid:84290358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427255)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.tyro.bet"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427255/; classtype:trojan-activity;sid:84290355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.85.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427254/; classtype:trojan-activity;sid:84290354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427253)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.228.0.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427253/; classtype:trojan-activity;sid:84290353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.206.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427252/; classtype:trojan-activity;sid:84290352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.11.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427251/; classtype:trojan-activity;sid:84290351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.6.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427250/; classtype:trojan-activity;sid:84290350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.55.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427249/; classtype:trojan-activity;sid:84290349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.132.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427248/; classtype:trojan-activity;sid:84290348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.146.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427247/; classtype:trojan-activity;sid:84290347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.114.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427246/; classtype:trojan-activity;sid:84290346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.219.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427245/; classtype:trojan-activity;sid:84290345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.209.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427244/; classtype:trojan-activity;sid:84290344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.86.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427242/; classtype:trojan-activity;sid:84290342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.77.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427243/; classtype:trojan-activity;sid:84290343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.242.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427241/; classtype:trojan-activity;sid:84290341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.6.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427239/; classtype:trojan-activity;sid:84290339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.120.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427240/; classtype:trojan-activity;sid:84290340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.8.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427238/; classtype:trojan-activity;sid:84290338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.55.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427237/; classtype:trojan-activity;sid:84290337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427236)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.206.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427236/; classtype:trojan-activity;sid:84290336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.242.128.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427235/; classtype:trojan-activity;sid:84290335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.200.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427234/; classtype:trojan-activity;sid:84290334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.182.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427233/; classtype:trojan-activity;sid:84290333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.32.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427232/; classtype:trojan-activity;sid:84290332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.219.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427231/; classtype:trojan-activity;sid:84290331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.36.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427230/; classtype:trojan-activity;sid:84290330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.242.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427229/; classtype:trojan-activity;sid:84290329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.26.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427228/; classtype:trojan-activity;sid:84290328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.77.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427227/; classtype:trojan-activity;sid:84290327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.135.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427226/; classtype:trojan-activity;sid:84290326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.86.112.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427225/; classtype:trojan-activity;sid:84290325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427222)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"193.143.1.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427222/; classtype:trojan-activity;sid:84290322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427223)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/armnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.143.1.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427223/; classtype:trojan-activity;sid:84290323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427224)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/arm5nk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.143.1.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427224/; classtype:trojan-activity;sid:84290324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427219)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/x86_64nk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"193.143.1.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427219/; classtype:trojan-activity;sid:84290319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427220)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/i586"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.143.1.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427220/; classtype:trojan-activity;sid:84290320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427221)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/mipselnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"193.143.1.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427221/; classtype:trojan-activity;sid:84290321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427211)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/mipsel"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"eloquent-bouman.193-143-1-07.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427211/; classtype:trojan-activity;sid:84290311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427212)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.143.1.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427212/; classtype:trojan-activity;sid:84290312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427213)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"193-143-1-07.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427213/; classtype:trojan-activity;sid:84290313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427214)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/arm7nk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.143.1.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427214/; classtype:trojan-activity;sid:84290314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427215)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/arm6nk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.143.1.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427215/; classtype:trojan-activity;sid:84290315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427216)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/arm5nk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193-143-1-07.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427216/; classtype:trojan-activity;sid:84290316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427217)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/mipselnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"eloquent-bouman.193-143-1-07.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427217/; classtype:trojan-activity;sid:84290317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427218)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/i586"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"eloquent-bouman.193-143-1-07.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427218/; classtype:trojan-activity;sid:84290318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427189)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/arm6nk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193-143-1-07.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427189/; classtype:trojan-activity;sid:84290289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427190)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/mipsnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"eloquent-bouman.193-143-1-07.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427190/; classtype:trojan-activity;sid:84290290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427191)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"eloquent-bouman.193-143-1-07.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427191/; classtype:trojan-activity;sid:84290291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427192)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/i686nk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193-143-1-07.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427192/; classtype:trojan-activity;sid:84290292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427193)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193-143-1-07.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427193/; classtype:trojan-activity;sid:84290293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427194)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/arm7nk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"eloquent-bouman.193-143-1-07.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427194/; classtype:trojan-activity;sid:84290294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427195)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/armnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"eloquent-bouman.193-143-1-07.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427195/; classtype:trojan-activity;sid:84290295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427196)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"eloquent-bouman.193-143-1-07.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427196/; classtype:trojan-activity;sid:84290296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427197)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/arm5nk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"eloquent-bouman.193-143-1-07.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427197/; classtype:trojan-activity;sid:84290297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427198)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/x86_64nk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"193-143-1-07.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427198/; classtype:trojan-activity;sid:84290298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427199)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"eloquent-bouman.193-143-1-07.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427199/; classtype:trojan-activity;sid:84290299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427200)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"eloquent-bouman.193-143-1-07.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427200/; classtype:trojan-activity;sid:84290300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427201)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/i686nk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"eloquent-bouman.193-143-1-07.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427201/; classtype:trojan-activity;sid:84290301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427202)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/mipsnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193-143-1-07.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427202/; classtype:trojan-activity;sid:84290302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427203)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193-143-1-07.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427203/; classtype:trojan-activity;sid:84290303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427204)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/mipsel"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193-143-1-07.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427204/; classtype:trojan-activity;sid:84290304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427205)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193-143-1-07.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427205/; classtype:trojan-activity;sid:84290305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427206)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/x86_64nk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"eloquent-bouman.193-143-1-07.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427206/; classtype:trojan-activity;sid:84290306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427207)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/arm6nk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"eloquent-bouman.193-143-1-07.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427207/; classtype:trojan-activity;sid:84290307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427208)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"eloquent-bouman.193-143-1-07.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427208/; classtype:trojan-activity;sid:84290308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427209)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.143.1.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427209/; classtype:trojan-activity;sid:84290309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427210)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/mipsel"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.143.1.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427210/; classtype:trojan-activity;sid:84290310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427172)"; flow:established,from_client; content:"GET"; http_method; content:"/boobs.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193-143-1-07.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427172/; classtype:trojan-activity;sid:84290272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427173)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/i686nk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.143.1.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427173/; classtype:trojan-activity;sid:84290273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427174)"; flow:established,from_client; content:"GET"; http_method; content:"/boobs.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"eloquent-bouman.193-143-1-07.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427174/; classtype:trojan-activity;sid:84290274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427175)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.143.1.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427175/; classtype:trojan-activity;sid:84290275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427176)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/i586"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193-143-1-07.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427176/; classtype:trojan-activity;sid:84290276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427177)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.143.1.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427177/; classtype:trojan-activity;sid:84290277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427178)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.143.1.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427178/; classtype:trojan-activity;sid:84290278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427179)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193-143-1-07.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427179/; classtype:trojan-activity;sid:84290279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427180)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"eloquent-bouman.193-143-1-07.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427180/; classtype:trojan-activity;sid:84290280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427181)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193-143-1-07.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427181/; classtype:trojan-activity;sid:84290281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427182)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/armnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193-143-1-07.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427182/; classtype:trojan-activity;sid:84290282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427183)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/mipselnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"193-143-1-07.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427183/; classtype:trojan-activity;sid:84290283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427184)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/mipsnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.143.1.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427184/; classtype:trojan-activity;sid:84290284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427185)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"eloquent-bouman.193-143-1-07.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427185/; classtype:trojan-activity;sid:84290285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427186)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/arm7nk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193-143-1-07.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427186/; classtype:trojan-activity;sid:84290286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427187)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193-143-1-07.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427187/; classtype:trojan-activity;sid:84290287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427188)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.143.1.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427188/; classtype:trojan-activity;sid:84290288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.68.142.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427171/; classtype:trojan-activity;sid:84290271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.182.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427170/; classtype:trojan-activity;sid:84290270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.200.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427169/; classtype:trojan-activity;sid:84290269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.94.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427168/; classtype:trojan-activity;sid:84290268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.9.67.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427167/; classtype:trojan-activity;sid:84290267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.48.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427166/; classtype:trojan-activity;sid:84290266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.93.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427165/; classtype:trojan-activity;sid:84290265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.172.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427164/; classtype:trojan-activity;sid:84290264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.102.124.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427163/; classtype:trojan-activity;sid:84290263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.239.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427162/; classtype:trojan-activity;sid:84290262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.195.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427160/; classtype:trojan-activity;sid:84290260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.192.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427161/; classtype:trojan-activity;sid:84290261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.26.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427159/; classtype:trojan-activity;sid:84290259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.40.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427157/; classtype:trojan-activity;sid:84290257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.192.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427158/; classtype:trojan-activity;sid:84290258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.98.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427156/; classtype:trojan-activity;sid:84290256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.131.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427155/; classtype:trojan-activity;sid:84290255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.165.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427154/; classtype:trojan-activity;sid:84290254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427153/; classtype:trojan-activity;sid:84290253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.242.128.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427152/; classtype:trojan-activity;sid:84290252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.48.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427151/; classtype:trojan-activity;sid:84290251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.182.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427150/; classtype:trojan-activity;sid:84290250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.11.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427149/; classtype:trojan-activity;sid:84290249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.148.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427147/; classtype:trojan-activity;sid:84290247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.103.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427148/; classtype:trojan-activity;sid:84290248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427146)"; flow:established,from_client; content:"GET"; http_method; content:"/share/%e4%b8%80%e9%94%ae%e5%85%b3%e9%97%adwd.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"111.33.73.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427146/; classtype:trojan-activity;sid:84290246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.59.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427144/; classtype:trojan-activity;sid:84290244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.124.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427145/; classtype:trojan-activity;sid:84290245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.82.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427143/; classtype:trojan-activity;sid:84290243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.17.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427142/; classtype:trojan-activity;sid:84290242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.103.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427139/; classtype:trojan-activity;sid:84290239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.98.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427140/; classtype:trojan-activity;sid:84290240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.231.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427141/; classtype:trojan-activity;sid:84290241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.165.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427138/; classtype:trojan-activity;sid:84290238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.87.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427137/; classtype:trojan-activity;sid:84290237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.92.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427136/; classtype:trojan-activity;sid:84290236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.126.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427135/; classtype:trojan-activity;sid:84290235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427134)"; flow:established,from_client; content:"GET"; http_method; content:"/boobs.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.143.1.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427134/; classtype:trojan-activity;sid:84290234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.98.167"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427133/; classtype:trojan-activity;sid:84290233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.240.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427132/; classtype:trojan-activity;sid:84290232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.137.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427131/; classtype:trojan-activity;sid:84290231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.218.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427130/; classtype:trojan-activity;sid:84290230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.218.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427129/; classtype:trojan-activity;sid:84290229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.89.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427128/; classtype:trojan-activity;sid:84290228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.98.167"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427127/; classtype:trojan-activity;sid:84290227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.217.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427126/; classtype:trojan-activity;sid:84290226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.137.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427125/; classtype:trojan-activity;sid:84290225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.195.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427124/; classtype:trojan-activity;sid:84290224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.83.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427123/; classtype:trojan-activity;sid:84290223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.38.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427122/; classtype:trojan-activity;sid:84290222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.140.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427121/; classtype:trojan-activity;sid:84290221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427120/; classtype:trojan-activity;sid:84290220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.107.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427118/; classtype:trojan-activity;sid:84290218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.107.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427119/; classtype:trojan-activity;sid:84290219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.255.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427117/; classtype:trojan-activity;sid:84290217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.74.120.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427116/; classtype:trojan-activity;sid:84290216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427115)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.175.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427115/; classtype:trojan-activity;sid:84290215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.195.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427114/; classtype:trojan-activity;sid:84290214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"161.248.55.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427113/; classtype:trojan-activity;sid:84290213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.149.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427112/; classtype:trojan-activity;sid:84290212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.227.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427111/; classtype:trojan-activity;sid:84290211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.105.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427110/; classtype:trojan-activity;sid:84290210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.206.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427109/; classtype:trojan-activity;sid:84290209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.32.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427107/; classtype:trojan-activity;sid:84290207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.63.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427108/; classtype:trojan-activity;sid:84290208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.186.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427106/; classtype:trojan-activity;sid:84290206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.253.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427100/; classtype:trojan-activity;sid:84290200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.160.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427101/; classtype:trojan-activity;sid:84290201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427102/; classtype:trojan-activity;sid:84290202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427103)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427103/; classtype:trojan-activity;sid:84290203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.21.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427104/; classtype:trojan-activity;sid:84290204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.251.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427105/; classtype:trojan-activity;sid:84290205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427099)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.251.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427099/; classtype:trojan-activity;sid:84290199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427098/; classtype:trojan-activity;sid:84290198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.13.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427097/; classtype:trojan-activity;sid:84290197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.5.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427096/; classtype:trojan-activity;sid:84290196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.214.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427095/; classtype:trojan-activity;sid:84290195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.99.16.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427094/; classtype:trojan-activity;sid:84290194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.2.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427093/; classtype:trojan-activity;sid:84290193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.212.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427091/; classtype:trojan-activity;sid:84290191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"161.248.55.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427092/; classtype:trojan-activity;sid:84290192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.227.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427090/; classtype:trojan-activity;sid:84290190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.44.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427089/; classtype:trojan-activity;sid:84290189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.121.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427088/; classtype:trojan-activity;sid:84290188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.200.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427087/; classtype:trojan-activity;sid:84290187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427086)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"srogland.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427086/; classtype:trojan-activity;sid:84290186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427084)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"srogland.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427084/; classtype:trojan-activity;sid:84290184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427085)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"srogland.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427085/; classtype:trojan-activity;sid:84290185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427080)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"srogland.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427080/; classtype:trojan-activity;sid:84290180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427081)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"srogland.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427081/; classtype:trojan-activity;sid:84290181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427082)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"srogland.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427082/; classtype:trojan-activity;sid:84290182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427083)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"srogland.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427083/; classtype:trojan-activity;sid:84290183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427079)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"srogland.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427079/; classtype:trojan-activity;sid:84290179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427077)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"srogland.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427077/; classtype:trojan-activity;sid:84290177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427078)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"srogland.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427078/; classtype:trojan-activity;sid:84290178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.231.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427076/; classtype:trojan-activity;sid:84290176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.75.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427075/; classtype:trojan-activity;sid:84290175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.214.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427074/; classtype:trojan-activity;sid:84290174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.212.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427073/; classtype:trojan-activity;sid:84290173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427072)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cnc.kotomari-vn.dev"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427072/; classtype:trojan-activity;sid:84290172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427068)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cnc.kotomari-vn.dev"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427068/; classtype:trojan-activity;sid:84290168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427069)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cnc.kotomari-vn.dev"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427069/; classtype:trojan-activity;sid:84290169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427070)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cnc.kotomari-vn.dev"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427070/; classtype:trojan-activity;sid:84290170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427071)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cnc.kotomari-vn.dev"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427071/; classtype:trojan-activity;sid:84290171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427066)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cnc.kotomari-vn.dev"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427066/; classtype:trojan-activity;sid:84290166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427067)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cnc.kotomari-vn.dev"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427067/; classtype:trojan-activity;sid:84290167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427061)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cnc.kotomari-vn.dev"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427061/; classtype:trojan-activity;sid:84290161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427062)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cnc.kotomari-vn.dev"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427062/; classtype:trojan-activity;sid:84290162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427063)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cnc.kotomari-vn.dev"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427063/; classtype:trojan-activity;sid:84290163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427064)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cnc.kotomari-vn.dev"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427064/; classtype:trojan-activity;sid:84290164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427065)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cnc.kotomari-vn.dev"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427065/; classtype:trojan-activity;sid:84290165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427060)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cnc.kotomari-vn.dev"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427060/; classtype:trojan-activity;sid:84290160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427058)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"14.225.211.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427058/; classtype:trojan-activity;sid:84290158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427059)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"14.225.211.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427059/; classtype:trojan-activity;sid:84290159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.87.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427057/; classtype:trojan-activity;sid:84290157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.169.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427056/; classtype:trojan-activity;sid:84290156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.1.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427055/; classtype:trojan-activity;sid:84290155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.245.216.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427054/; classtype:trojan-activity;sid:84290154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.81.245.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427053/; classtype:trojan-activity;sid:84290153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.123.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427052/; classtype:trojan-activity;sid:84290152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427050)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"pbs-acheminement.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427050/; classtype:trojan-activity;sid:84290150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427051)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pbs-acheminement.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427051/; classtype:trojan-activity;sid:84290151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427041)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pbs-acheminement.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427041/; classtype:trojan-activity;sid:84290141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427042)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pbs-acheminement.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427042/; classtype:trojan-activity;sid:84290142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427043)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pbs-acheminement.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427043/; classtype:trojan-activity;sid:84290143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427044)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pbs-acheminement.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427044/; classtype:trojan-activity;sid:84290144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427045)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pbs-acheminement.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427045/; classtype:trojan-activity;sid:84290145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427046)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"pbs-acheminement.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427046/; classtype:trojan-activity;sid:84290146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427047)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pbs-acheminement.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427047/; classtype:trojan-activity;sid:84290147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427048)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pbs-acheminement.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427048/; classtype:trojan-activity;sid:84290148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427049)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pbs-acheminement.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427049/; classtype:trojan-activity;sid:84290149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427039)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pbs-acheminement.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427039/; classtype:trojan-activity;sid:84290139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427040)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pbs-acheminement.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427040/; classtype:trojan-activity;sid:84290140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427036)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pbs-acheminement.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427036/; classtype:trojan-activity;sid:84290136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427037)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pbs-acheminement.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427037/; classtype:trojan-activity;sid:84290137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427038)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pbs-acheminement.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427038/; classtype:trojan-activity;sid:84290138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427034)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pbs-acheminement.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427034/; classtype:trojan-activity;sid:84290134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427035)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pbs-acheminement.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427035/; classtype:trojan-activity;sid:84290135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427033)"; flow:established,from_client; content:"GET"; http_method; content:"/splmipsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pbs-acheminement.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427033/; classtype:trojan-activity;sid:84290133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.163.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427032/; classtype:trojan-activity;sid:84290132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427026)"; flow:established,from_client; content:"GET"; http_method; content:"/ah"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"pbs-acheminement.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427026/; classtype:trojan-activity;sid:84290126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427027)"; flow:established,from_client; content:"GET"; http_method; content:"/cn"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"pbs-acheminement.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427027/; classtype:trojan-activity;sid:84290127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427028)"; flow:established,from_client; content:"GET"; http_method; content:"/brr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"pbs-acheminement.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427028/; classtype:trojan-activity;sid:84290128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427029)"; flow:established,from_client; content:"GET"; http_method; content:"/buf"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"pbs-acheminement.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427029/; classtype:trojan-activity;sid:84290129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427030)"; flow:established,from_client; content:"GET"; http_method; content:"/chomp"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"pbs-acheminement.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427030/; classtype:trojan-activity;sid:84290130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.231.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427031/; classtype:trojan-activity;sid:84290131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.250.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427025/; classtype:trojan-activity;sid:84290125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427024)"; flow:established,from_client; content:"GET"; http_method; content:"/ah"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.156.167.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427024/; classtype:trojan-activity;sid:84290124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427020)"; flow:established,from_client; content:"GET"; http_method; content:"/chomp"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.156.167.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427020/; classtype:trojan-activity;sid:84290120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427021)"; flow:established,from_client; content:"GET"; http_method; content:"/cn"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.156.167.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427021/; classtype:trojan-activity;sid:84290121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427022)"; flow:established,from_client; content:"GET"; http_method; content:"/brr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.167.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427022/; classtype:trojan-activity;sid:84290122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427023)"; flow:established,from_client; content:"GET"; http_method; content:"/buf"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.167.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427023/; classtype:trojan-activity;sid:84290123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427019)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.136.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427019/; classtype:trojan-activity;sid:84290119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.99.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427018/; classtype:trojan-activity;sid:84290118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.250.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427017/; classtype:trojan-activity;sid:84290117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.222.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427016/; classtype:trojan-activity;sid:84290116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.156.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427015/; classtype:trojan-activity;sid:84290115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.188.74.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427014/; classtype:trojan-activity;sid:84290114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.168.169.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427013/; classtype:trojan-activity;sid:84290113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.15.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427012/; classtype:trojan-activity;sid:84290112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.114.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427010/; classtype:trojan-activity;sid:84290110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427011/; classtype:trojan-activity;sid:84290111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.134.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427009/; classtype:trojan-activity;sid:84290109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.75.37.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427008/; classtype:trojan-activity;sid:84290108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427007/; classtype:trojan-activity;sid:84290107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.44.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427006/; classtype:trojan-activity;sid:84290106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.203.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427005/; classtype:trojan-activity;sid:84290105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.231.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427004/; classtype:trojan-activity;sid:84290104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427003/; classtype:trojan-activity;sid:84290103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.206.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427002/; classtype:trojan-activity;sid:84290102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.168.169.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427000/; classtype:trojan-activity;sid:84290100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.149.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427001/; classtype:trojan-activity;sid:84290101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.26.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426998/; classtype:trojan-activity;sid:84290098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.143.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426999/; classtype:trojan-activity;sid:84290099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.25.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426997/; classtype:trojan-activity;sid:84290097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.2.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426996/; classtype:trojan-activity;sid:84290096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.149.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426995/; classtype:trojan-activity;sid:84290095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.211.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426994/; classtype:trojan-activity;sid:84290094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.149.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426992/; classtype:trojan-activity;sid:84290092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426993/; classtype:trojan-activity;sid:84290093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.143.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426991/; classtype:trojan-activity;sid:84290091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.131.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426990/; classtype:trojan-activity;sid:84290090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.241.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426989/; classtype:trojan-activity;sid:84290089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.86.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426987/; classtype:trojan-activity;sid:84290087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.121.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426988/; classtype:trojan-activity;sid:84290088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.206.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426985/; classtype:trojan-activity;sid:84290085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.99.237"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426986/; classtype:trojan-activity;sid:84290086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.2.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426984/; classtype:trojan-activity;sid:84290084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.131.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426983/; classtype:trojan-activity;sid:84290083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.83.173.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426982/; classtype:trojan-activity;sid:84290082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.211.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426981/; classtype:trojan-activity;sid:84290081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.173.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426979/; classtype:trojan-activity;sid:84290079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.211.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426980/; classtype:trojan-activity;sid:84290080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.211.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426978/; classtype:trojan-activity;sid:84290078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.96.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426977/; classtype:trojan-activity;sid:84290077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.25.206.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426976/; classtype:trojan-activity;sid:84290076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.26.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426975/; classtype:trojan-activity;sid:84290075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.83.173.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426974/; classtype:trojan-activity;sid:84290074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.94.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426973/; classtype:trojan-activity;sid:84290073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.218.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426972/; classtype:trojan-activity;sid:84290072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.241.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426971/; classtype:trojan-activity;sid:84290071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.29.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426970/; classtype:trojan-activity;sid:84290070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.141.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426969/; classtype:trojan-activity;sid:84290069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.26.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426968/; classtype:trojan-activity;sid:84290068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.186.235.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426967/; classtype:trojan-activity;sid:84290067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.211.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426966/; classtype:trojan-activity;sid:84290066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.206.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426965/; classtype:trojan-activity;sid:84290065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.110.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426964/; classtype:trojan-activity;sid:84290064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426963/; classtype:trojan-activity;sid:84290063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.96.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426962/; classtype:trojan-activity;sid:84290062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.151.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426961/; classtype:trojan-activity;sid:84290061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.174.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426960/; classtype:trojan-activity;sid:84290060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.4.136"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426959/; classtype:trojan-activity;sid:84290059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426958/; classtype:trojan-activity;sid:84290058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.11.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426957/; classtype:trojan-activity;sid:84290057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.2.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426956/; classtype:trojan-activity;sid:84290056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.244.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426955/; classtype:trojan-activity;sid:84290055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.194.137.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426954/; classtype:trojan-activity;sid:84290054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.244.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426953/; classtype:trojan-activity;sid:84290053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.96.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426952/; classtype:trojan-activity;sid:84290052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.87.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3426951/; classtype:trojan-activity;sid:84290051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.77.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426950/; classtype:trojan-activity;sid:84290050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426949)"; flow:established,from_client; content:"GET"; http_method; content:"/recaptcha-verify"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"proxyyy.pages.dev"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426949/; classtype:trojan-activity;sid:84290049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.40.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426948/; classtype:trojan-activity;sid:84290048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.137.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426947/; classtype:trojan-activity;sid:84290047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.137.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426946/; classtype:trojan-activity;sid:84290046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.11.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426945/; classtype:trojan-activity;sid:84290045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.2.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426944/; classtype:trojan-activity;sid:84290044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.139.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426943/; classtype:trojan-activity;sid:84290043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.148.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426941/; classtype:trojan-activity;sid:84290041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.244.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426942/; classtype:trojan-activity;sid:84290042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426940)"; flow:established,from_client; content:"GET"; http_method; content:"/xwormv5.4.rar"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.141.26.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426940/; classtype:trojan-activity;sid:84290040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426939)"; flow:established,from_client; content:"GET"; http_method; content:"/dg.rar"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.141.26.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426939/; classtype:trojan-activity;sid:84290039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426938)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.141.26.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426938/; classtype:trojan-activity;sid:84290038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.96.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426937/; classtype:trojan-activity;sid:84290037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.145.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426936/; classtype:trojan-activity;sid:84290036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.142.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426935/; classtype:trojan-activity;sid:84290035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.149.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426934/; classtype:trojan-activity;sid:84290034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.134.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426933/; classtype:trojan-activity;sid:84290033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426932/; classtype:trojan-activity;sid:84290032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426931)"; flow:established,from_client; content:"GET"; http_method; content:"/tradingbot482.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"capcut.media"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426931/; classtype:trojan-activity;sid:84290031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426930)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"marketscan.me"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426930/; classtype:trojan-activity;sid:84290030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.187.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426929/; classtype:trojan-activity;sid:84290029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426928)"; flow:established,from_client; content:"GET"; http_method; content:"/z.zip"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"147.45.44.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426928/; classtype:trojan-activity;sid:84290028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.142.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426927/; classtype:trojan-activity;sid:84290027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.92.253.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426925/; classtype:trojan-activity;sid:84290025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.139.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426926/; classtype:trojan-activity;sid:84290026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.218.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426924/; classtype:trojan-activity;sid:84290024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.164.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426923/; classtype:trojan-activity;sid:84290023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.83.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426921/; classtype:trojan-activity;sid:84290021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.73.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426922/; classtype:trojan-activity;sid:84290022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.145.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426920/; classtype:trojan-activity;sid:84290020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.237.167.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426919/; classtype:trojan-activity;sid:84290019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.251.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426918/; classtype:trojan-activity;sid:84290018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.255.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426917/; classtype:trojan-activity;sid:84290017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.38.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426916/; classtype:trojan-activity;sid:84290016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.237.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426915/; classtype:trojan-activity;sid:84290015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.164.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426914/; classtype:trojan-activity;sid:84290014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.187.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426913/; classtype:trojan-activity;sid:84290013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.83.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426912/; classtype:trojan-activity;sid:84290012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.81.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426911/; classtype:trojan-activity;sid:84290011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.7.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426910/; classtype:trojan-activity;sid:84290010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.155.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426909/; classtype:trojan-activity;sid:84290009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.157.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426908/; classtype:trojan-activity;sid:84290008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.255.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426907/; classtype:trojan-activity;sid:84290007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.12.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426906/; classtype:trojan-activity;sid:84290006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.73.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426905/; classtype:trojan-activity;sid:84290005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.157.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426904/; classtype:trojan-activity;sid:84290004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.24.10.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426903/; classtype:trojan-activity;sid:84290003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.81.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426902/; classtype:trojan-activity;sid:84290002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426901)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.18.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426901/; classtype:trojan-activity;sid:84290001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.27.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426900/; classtype:trojan-activity;sid:84290000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426899)"; flow:established,from_client; content:"GET"; http_method; content:"/api/412310.ocx"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cloudnexo.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426899/; classtype:trojan-activity;sid:84289999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426898)"; flow:established,from_client; content:"GET"; http_method; content:"/api/510520.ocx"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"65.20.106.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426898/; classtype:trojan-activity;sid:84289998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426894)"; flow:established,from_client; content:"GET"; http_method; content:"/api/510520.ocx"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cloudnexo.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426894/; classtype:trojan-activity;sid:84289994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426895)"; flow:established,from_client; content:"GET"; http_method; content:"/api/412310.ocx"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"65.20.106.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426895/; classtype:trojan-activity;sid:84289995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426896)"; flow:established,from_client; content:"GET"; http_method; content:"/api/apis.ocx"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cloudnexo.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426896/; classtype:trojan-activity;sid:84289996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426897)"; flow:established,from_client; content:"GET"; http_method; content:"/api/apis.ocx"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"65.20.106.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426897/; classtype:trojan-activity;sid:84289997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426892)"; flow:established,from_client; content:"GET"; http_method; content:"/api/document_23091.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"65.20.106.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426892/; classtype:trojan-activity;sid:84289992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426893)"; flow:established,from_client; content:"GET"; http_method; content:"/api/document_23091.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"cloudnexo.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426893/; classtype:trojan-activity;sid:84289993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.32.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426891/; classtype:trojan-activity;sid:84289991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.209.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426890/; classtype:trojan-activity;sid:84289990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.35.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426889/; classtype:trojan-activity;sid:84289989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426877)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"209.141.40.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426877/; classtype:trojan-activity;sid:84289977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426878)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"209.141.40.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426878/; classtype:trojan-activity;sid:84289978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426879)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"209.141.40.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426879/; classtype:trojan-activity;sid:84289979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426880)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.40.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426880/; classtype:trojan-activity;sid:84289980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426881)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.40.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426881/; classtype:trojan-activity;sid:84289981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426882)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"209.141.40.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426882/; classtype:trojan-activity;sid:84289982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426883)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"209.141.40.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426883/; classtype:trojan-activity;sid:84289983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426884)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.40.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426884/; classtype:trojan-activity;sid:84289984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426885)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"209.141.40.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426885/; classtype:trojan-activity;sid:84289985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426886)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"209.141.40.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426886/; classtype:trojan-activity;sid:84289986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426887)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.40.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426887/; classtype:trojan-activity;sid:84289987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426888)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.40.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426888/; classtype:trojan-activity;sid:84289988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426876)"; flow:established,from_client; content:"GET"; http_method; content:"/led/pdf"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.202.4.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426876/; classtype:trojan-activity;sid:84289976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426875)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.40.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426875/; classtype:trojan-activity;sid:84289975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.12.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426874/; classtype:trojan-activity;sid:84289974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.27.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426873/; classtype:trojan-activity;sid:84289973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426872)"; flow:established,from_client; content:"GET"; http_method; content:"/api_documentation/apidocs.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"195.26.86.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426872/; classtype:trojan-activity;sid:84289972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.155.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426871/; classtype:trojan-activity;sid:84289971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426870)"; flow:established,from_client; content:"GET"; http_method; content:"/templates/imagesoftware/mediathek/nicebackgroundmovelivecolors.mp4.mp4"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"docshare.sbs"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426870/; classtype:trojan-activity;sid:84289970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.38.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426869/; classtype:trojan-activity;sid:84289969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.237.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426868/; classtype:trojan-activity;sid:84289968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426867)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/importantinformation.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"185.161.251.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426867/; classtype:trojan-activity;sid:84289967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.212.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426866/; classtype:trojan-activity;sid:84289966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426864/; classtype:trojan-activity;sid:84289964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.88.191.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426863/; classtype:trojan-activity;sid:84289963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.32.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426862/; classtype:trojan-activity;sid:84289962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.35.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426861/; classtype:trojan-activity;sid:84289961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.55.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426860/; classtype:trojan-activity;sid:84289960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426859)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/krustypaper.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"45.151.62.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426859/; classtype:trojan-activity;sid:84289959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426858)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/95ab163c-aeea-20d3-2d44-2129ec121fba.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426858/; classtype:trojan-activity;sid:84289958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426844)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/700_b.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426844/; classtype:trojan-activity;sid:84289944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426845)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/granny-flat-gallery-img-03.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426845/; classtype:trojan-activity;sid:84289945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426846)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/465.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426846/; classtype:trojan-activity;sid:84289946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426847)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/porcelain-wall-art.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426847/; classtype:trojan-activity;sid:84289947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426848)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pmd-tbs-1-e1531134196999.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426848/; classtype:trojan-activity;sid:84289948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426849)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/customize-1-500x500-1-12.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426849/; classtype:trojan-activity;sid:84289949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426850)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_9065.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426850/; classtype:trojan-activity;sid:84289950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426851)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc04385-edit.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426851/; classtype:trojan-activity;sid:84289951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426852)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20s.png.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426852/; classtype:trojan-activity;sid:84289952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426853)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2025011571.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426853/; classtype:trojan-activity;sid:84289953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426854)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4721.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426854/; classtype:trojan-activity;sid:84289954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426855)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bilan-cgt-2024.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426855/; classtype:trojan-activity;sid:84289955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426856)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hospital-bed-elevator-500x500-1.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426856/; classtype:trojan-activity;sid:84289956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426857)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases_del_concurso_qu_aprendimos_de_neurociencia.doc.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426857/; classtype:trojan-activity;sid:84289957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426829)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot_20240517-151455.png.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426829/; classtype:trojan-activity;sid:84289929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426830)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tablero-de-rutinas.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426830/; classtype:trojan-activity;sid:84289930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426831)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dng_2502-534x800.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426831/; classtype:trojan-activity;sid:84289931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426832)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/34-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426832/; classtype:trojan-activity;sid:84289932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426833)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_8477-copy.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426833/; classtype:trojan-activity;sid:84289933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426834)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/87240f8d-11cb-0886-7a99-9376e0da5fec.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426834/; classtype:trojan-activity;sid:84289934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426835)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fachada-allende-2.png.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426835/; classtype:trojan-activity;sid:84289935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426836)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/artboard-15-1.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426836/; classtype:trojan-activity;sid:84289936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426837)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unit25252525252525252525252525252525252525252525252525252525252525c325252525252525252525252525252525252525252525252525252525252525a0-b-1.pdf.lnk"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426837/; classtype:trojan-activity;sid:84289937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426838)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sinai-pearl-beige-brushed-finish.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426838/; classtype:trojan-activity;sid:84289938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426839)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/22338876_1721504394561375_3511494150978574662_o.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426839/; classtype:trojan-activity;sid:84289939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426840)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hnh109110111-left-to-right.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426840/; classtype:trojan-activity;sid:84289940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426841)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/armset-honda1-oem.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426841/; classtype:trojan-activity;sid:84289941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426842)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pmd-bns-2a-e1530976015414.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426842/; classtype:trojan-activity;sid:84289942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426843)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/daftar-nominatif-pantarlih-pemilu-tahun-2024-kecamatan-cirinten.pdf.lnk"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426843/; classtype:trojan-activity;sid:84289943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426826)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/libro-resumen-congreso-regional-escolar-2019.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426826/; classtype:trojan-activity;sid:84289926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426827)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-19-at-10.04.19-pm.jpeg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426827/; classtype:trojan-activity;sid:84289927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426828)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/office-gallery-1.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426828/; classtype:trojan-activity;sid:84289928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426815)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56838468.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426815/; classtype:trojan-activity;sid:84289915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426816)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anexo-1-_-carta-de-apoyo-directores-1.docx.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426816/; classtype:trojan-activity;sid:84289916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426817)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ac-case-2-oem.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426817/; classtype:trojan-activity;sid:84289917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426818)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-3.png.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426818/; classtype:trojan-activity;sid:84289918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426819)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ac-case-suzuki-oem.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426819/; classtype:trojan-activity;sid:84289919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426820)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/18.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426820/; classtype:trojan-activity;sid:84289920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426821)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/0446004_panasonic-dect-cordless-phone-black-kxtg6711.jpeg.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426821/; classtype:trojan-activity;sid:84289921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426822)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gxgt_xewuaawvjv.jpeg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426822/; classtype:trojan-activity;sid:84289922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426823)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ponderado-la-guajira.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426823/; classtype:trojan-activity;sid:84289923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426824)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/09-min.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426824/; classtype:trojan-activity;sid:84289924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426825)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/28-depok.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426825/; classtype:trojan-activity;sid:84289925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426807)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fitness-3.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426807/; classtype:trojan-activity;sid:84289907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426808)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/marcelo-porto-de-galinhas-ext-aerea-02-r01resultado-me252525252525252525252525252525252525252525252525252525252525252525252525252525cc25252525252525252525252525252525252525252525252525252525252525252525252525252581dio.jpeg.lnk"; http_uri; depth:237; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426808/; classtype:trojan-activity;sid:84289908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426809)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc04319-edit.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426809/; classtype:trojan-activity;sid:84289909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426810)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rokovnici-kalendari-2025.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426810/; classtype:trojan-activity;sid:84289910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426811)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/suportes-bandeiras-promocionais_suporte-roda-dim.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426811/; classtype:trojan-activity;sid:84289911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426812)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/florida-tarpon13.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426812/; classtype:trojan-activity;sid:84289912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426813)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/603.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426813/; classtype:trojan-activity;sid:84289913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426814)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/queen-mary-university-trip-img-20-408x544-1.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426814/; classtype:trojan-activity;sid:84289914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426799)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/az_golden_pulse_2024-1140x570-1.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426799/; classtype:trojan-activity;sid:84289899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426800)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_2355-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426800/; classtype:trojan-activity;sid:84289900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426801)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/box-console-honda-oem.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426801/; classtype:trojan-activity;sid:84289901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426802)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-26.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426802/; classtype:trojan-activity;sid:84289902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426803)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/material-de-canciones-para-estimular-el-lenguaje.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426803/; classtype:trojan-activity;sid:84289903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426804)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/all_pansu_3.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426804/; classtype:trojan-activity;sid:84289904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426805)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/e05_01.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426805/; classtype:trojan-activity;sid:84289905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426806)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fbfe3dd8-ec68-f5df-ec53-1c34ed0cc5b5.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426806/; classtype:trojan-activity;sid:84289906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426791)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descarga-2024-11-21t101916.898.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426791/; classtype:trojan-activity;sid:84289891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426792)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_7978.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426792/; classtype:trojan-activity;sid:84289892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426793)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guia-de-ecologia-marina-comprimido-78-al-154.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426793/; classtype:trojan-activity;sid:84289893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426794)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/granny-flat-main-gallery-img-01.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426794/; classtype:trojan-activity;sid:84289894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426795)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/portafolio_xingmedical_v1.2.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426795/; classtype:trojan-activity;sid:84289895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426796)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pernambuco-tamarineira-int-layout-c-r01resultado-me25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525cc2525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252581dio.jpeg.lnk"; http_uri; depth:262; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426796/; classtype:trojan-activity;sid:84289896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426797)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/centrala-esprit-738252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252b.jpg.lnk"; http_uri; depth:240; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426797/; classtype:trojan-activity;sid:84289897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426798)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1.-bitacora-252525252525252525252525252525252525252525c2252525252525252525252525252525252525252525bfpor-que-cambia-de-forma-la-luna-agp.pdf.lnk"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426798/; classtype:trojan-activity;sid:84289898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426787)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/291557675392.png.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426787/; classtype:trojan-activity;sid:84289887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426788)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/383-1.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426788/; classtype:trojan-activity;sid:84289888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426789)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descarga-2024-11-20t174857.141.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426789/; classtype:trojan-activity;sid:84289889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426790)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5d2b02c0-2f15-2b9a-0c44-2d02d29d3611.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426790/; classtype:trojan-activity;sid:84289890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426779)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kldaa.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426779/; classtype:trojan-activity;sid:84289879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426780)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/s-l1600-3-1024x1024.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426780/; classtype:trojan-activity;sid:84289880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426781)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardial-klinika-beograd-6.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426781/; classtype:trojan-activity;sid:84289881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426782)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/matsamo-cultural-village.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426782/; classtype:trojan-activity;sid:84289882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426783)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m500303_0004055_p.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426783/; classtype:trojan-activity;sid:84289883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426784)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vc-2-24-c.-cipres-col.-guillen-20.jpeg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426784/; classtype:trojan-activity;sid:84289884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426785)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rl-40-5.jpeg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426785/; classtype:trojan-activity;sid:84289885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426786)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mak-100-5195-1024x1024.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426786/; classtype:trojan-activity;sid:84289886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426771)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-29-1-scaled.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426771/; classtype:trojan-activity;sid:84289871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426772)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/06143438-story-image-78073_cover_800x492.png.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426772/; classtype:trojan-activity;sid:84289872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426773)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bandeiras-promocionais-dimensoes-p1.png.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426773/; classtype:trojan-activity;sid:84289873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426774)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/american-drill.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426774/; classtype:trojan-activity;sid:84289874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426775)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/juz-1.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426775/; classtype:trojan-activity;sid:84289875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426776)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/weekly-gastronomical-tuscan-cooking-adventure.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426776/; classtype:trojan-activity;sid:84289876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426777)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/as-header07.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426777/; classtype:trojan-activity;sid:84289877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426778)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_7920-copy.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426778/; classtype:trojan-activity;sid:84289878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426761)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fitness-2.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426761/; classtype:trojan-activity;sid:84289861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426762)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2022-12-19-20-30-11_1.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426762/; classtype:trojan-activity;sid:84289862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426763)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-tbs-chess-b200.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426763/; classtype:trojan-activity;sid:84289863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426764)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dovlecei-zucchini-beneficii.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426764/; classtype:trojan-activity;sid:84289864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426765)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stock-image-70891567-xl-scaled.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426765/; classtype:trojan-activity;sid:84289865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426766)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/s-l1600-1-1024x623.png.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426766/; classtype:trojan-activity;sid:84289866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426767)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/office-gallery-4.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426767/; classtype:trojan-activity;sid:84289867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426768)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gxne1kixcaawt-e-1024x574.jpeg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426768/; classtype:trojan-activity;sid:84289868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426769)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/961558783618.png.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426769/; classtype:trojan-activity;sid:84289869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426770)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gbrffv.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426770/; classtype:trojan-activity;sid:84289870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426755)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sinai-pearl-grey-2.jpeg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426755/; classtype:trojan-activity;sid:84289855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426756)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-2-scaled.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426756/; classtype:trojan-activity;sid:84289856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426757)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardial-klinika-beograd-7.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426757/; classtype:trojan-activity;sid:84289857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426758)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bl67.png.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426758/; classtype:trojan-activity;sid:84289858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426759)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gfgrancostaadeje.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426759/; classtype:trojan-activity;sid:84289859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426760)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/28.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426760/; classtype:trojan-activity;sid:84289860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426748)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/43957_0.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426748/; classtype:trojan-activity;sid:84289848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426749)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ace-clearwater-logo-for-website-sponsor.png.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426749/; classtype:trojan-activity;sid:84289849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426750)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cp-9020209-na-gallery-cv450-psu-12-1.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426750/; classtype:trojan-activity;sid:84289850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426751)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eduardoramosfotos-32-2.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426751/; classtype:trojan-activity;sid:84289851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426752)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/encuesta-metropolitana-revdege13042017_2.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426752/; classtype:trojan-activity;sid:84289852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426753)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc04358-edit-edit.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426753/; classtype:trojan-activity;sid:84289853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426754)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/catalogo-de-productos.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426754/; classtype:trojan-activity;sid:84289854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426742)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7e8d89b9-b891-c2c6-d5f5-ec5c9c2b0d20.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426742/; classtype:trojan-activity;sid:84289842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426743)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_8408.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426743/; classtype:trojan-activity;sid:84289843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426744)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/71sdca1wkol._ac_uf350350_ql80_.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426744/; classtype:trojan-activity;sid:84289844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426745)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2024bba201.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426745/; classtype:trojan-activity;sid:84289845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426746)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/645-2.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426746/; classtype:trojan-activity;sid:84289846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426747)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2018-complaints-resolution-policy.asd_.doc.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426747/; classtype:trojan-activity;sid:84289847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426738)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/seleccionados-feria-hcvc-2024.docx.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426738/; classtype:trojan-activity;sid:84289838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426739)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/as-header02.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426739/; classtype:trojan-activity;sid:84289839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426740)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/duplex.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426740/; classtype:trojan-activity;sid:84289840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426741)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/udhezim-nr.2-date-8.2.2023-kriteret-dhe-procedurat-e-kualifikimit-te-mesuesve-1.pdf.lnk"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426741/; classtype:trojan-activity;sid:84289841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426724)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/queen-mary-university-trip-img-1-725x544-2.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426724/; classtype:trojan-activity;sid:84289824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426725)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sticker-koin-nu-2.jpeg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426725/; classtype:trojan-activity;sid:84289825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426726)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mv5bodcxotzjzdqtnmu4ni00ytnllwjhodgtzwq2nmq3ytnkzguwxkeyxkfqcgdeqxvynje1otq0nja2525252525252525252525252525252525252525252525252525252540._v1_.jpg.lnk"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426726/; classtype:trojan-activity;sid:84289826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426727)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/217503653_10223527311425403_5394690085267293825_n-1.jpg.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426727/; classtype:trojan-activity;sid:84289827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426728)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/363.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426728/; classtype:trojan-activity;sid:84289828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426729)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3234a.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426729/; classtype:trojan-activity;sid:84289829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426730)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-6-1-scaled.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426730/; classtype:trojan-activity;sid:84289830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426731)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ribstop-drill.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426731/; classtype:trojan-activity;sid:84289831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426732)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-facade-s-house-desain-arsitek-oleh-simple-projects-architecture.jpeg.lnk"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426732/; classtype:trojan-activity;sid:84289832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426733)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_8289.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426733/; classtype:trojan-activity;sid:84289833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426734)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/set-de-la-granja.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426734/; classtype:trojan-activity;sid:84289834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426735)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iie-formativo-cs.-nat-mariquina-1024x576.jpg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426735/; classtype:trojan-activity;sid:84289835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426736)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dell-3320-03_1_1.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426736/; classtype:trojan-activity;sid:84289836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426737)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jn2021-mod_12-se-alquila-12.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426737/; classtype:trojan-activity;sid:84289837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426718)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jn2021-mod_12-se_alquila-antic-foto_video_03.jpg.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426718/; classtype:trojan-activity;sid:84289818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426719)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8929a7ca445fb301ea4e19.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426719/; classtype:trojan-activity;sid:84289819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426720)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0964-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426720/; classtype:trojan-activity;sid:84289820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426721)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gxwnkydxkaaiwsm-1024x682.jpeg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426721/; classtype:trojan-activity;sid:84289821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426722)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_7990.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426722/; classtype:trojan-activity;sid:84289822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426723)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/floating-breakfast.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426723/; classtype:trojan-activity;sid:84289823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426710)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/te-2023-681x1024.png.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426710/; classtype:trojan-activity;sid:84289810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426711)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6045-533x800.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426711/; classtype:trojan-activity;sid:84289811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426712)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/06-min-1.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426712/; classtype:trojan-activity;sid:84289812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426713)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardial-klinika-beograd-8.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426713/; classtype:trojan-activity;sid:84289813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426714)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jn2021-mod_12-se-alquila-14.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426714/; classtype:trojan-activity;sid:84289814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426715)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot-858.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426715/; classtype:trojan-activity;sid:84289815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426716)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acer-nitro-5_an515-55_gallery_03-12.png.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426716/; classtype:trojan-activity;sid:84289816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426717)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/22-cilegon.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426717/; classtype:trojan-activity;sid:84289817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426704)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-8-3-scaled.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426704/; classtype:trojan-activity;sid:84289804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426705)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mcconauhazelayered_web.png.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426705/; classtype:trojan-activity;sid:84289805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426706)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot_20250130_204744_canva-1-793x1030.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426706/; classtype:trojan-activity;sid:84289806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426707)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dd59c2eb-a970-a0d7-b2e4-f6194fd0a435.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426707/; classtype:trojan-activity;sid:84289807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426708)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tiamo-fishing02.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426708/; classtype:trojan-activity;sid:84289808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426709)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ezdo-conductivity-meter-cond-5021-details-box.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426709/; classtype:trojan-activity;sid:84289809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426700)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anexos-crecyt-2018.docx.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426700/; classtype:trojan-activity;sid:84289800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426701)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9d78e0f30766f038a9773.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426701/; classtype:trojan-activity;sid:84289801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426702)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/research-paper-rev-mikaya-abridged-website1.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426702/; classtype:trojan-activity;sid:84289802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426703)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jn_2025-bogota_2025-1.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426703/; classtype:trojan-activity;sid:84289803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426691)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descarga-2024-11-21t115721.464.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426691/; classtype:trojan-activity;sid:84289791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426692)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cprratemonitor.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426692/; classtype:trojan-activity;sid:84289792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426693)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acta-liga-de-usuarios-1.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426693/; classtype:trojan-activity;sid:84289793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426694)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5.-decret-2004-328-du-19-avril-2004-reglementant-avitaillement-des-navires.pdf.lnk"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426694/; classtype:trojan-activity;sid:84289794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426695)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/viber_image_2024-02-07_23-12-31-004-e1710718138754.jpg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426695/; classtype:trojan-activity;sid:84289795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426696)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4e5984e5-faa7-2114-f012-62c5bbbf3830.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426696/; classtype:trojan-activity;sid:84289796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426697)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1213.png.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426697/; classtype:trojan-activity;sid:84289797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426698)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4662.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426698/; classtype:trojan-activity;sid:84289798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426699)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1696845629_depositphotos_79027018_xl-scaled.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426699/; classtype:trojan-activity;sid:84289799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426680)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/det-l5.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426680/; classtype:trojan-activity;sid:84289780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426681)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/purple.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426681/; classtype:trojan-activity;sid:84289781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426682)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mr.data-3d-hat-infinite-loop-f7f9fd-bkg.mp4.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426682/; classtype:trojan-activity;sid:84289782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426683)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_8085-2-1200x800.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426683/; classtype:trojan-activity;sid:84289783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426684)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/contrato20240314_09502045.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426684/; classtype:trojan-activity;sid:84289784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426685)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cata252525252525252525252525252525252525cc25252525252525252525252525252525252581logo-cti-slep_barrancas.pdf.lnk"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426685/; classtype:trojan-activity;sid:84289785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426686)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/armset-honda-oem.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426686/; classtype:trojan-activity;sid:84289786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426687)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-6212.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426687/; classtype:trojan-activity;sid:84289787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426688)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d_846786-mlu54963699485_042023-o.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426688/; classtype:trojan-activity;sid:84289788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426689)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/50-resistance-loop-band-exercises.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426689/; classtype:trojan-activity;sid:84289789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426690)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/efce342d-06cd-4f59-3660-04b765720c70.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426690/; classtype:trojan-activity;sid:84289790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426675)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_8255.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426675/; classtype:trojan-activity;sid:84289775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426676)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-03-29-at-6.00.34-pm.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426676/; classtype:trojan-activity;sid:84289776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426677)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_8165-2-1200x800.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426677/; classtype:trojan-activity;sid:84289777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426678)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/__patrick_demarchelier_-_august_vogue_1_255b1255d.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426678/; classtype:trojan-activity;sid:84289778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426679)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/as-header03.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426679/; classtype:trojan-activity;sid:84289779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426666)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galala-light.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426666/; classtype:trojan-activity;sid:84289766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426667)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20210404-ccc-leyendas-descargarcertificadoelectronico.pdf.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426667/; classtype:trojan-activity;sid:84289767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426668)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descarga-2024-11-20t213212.396.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426668/; classtype:trojan-activity;sid:84289768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426669)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zafarana-3.jpeg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426669/; classtype:trojan-activity;sid:84289769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426670)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/50-physio-band-exercises.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426670/; classtype:trojan-activity;sid:84289770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426671)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2020-03-19-at-08.41.30-1.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426671/; classtype:trojan-activity;sid:84289771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426672)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3028.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426672/; classtype:trojan-activity;sid:84289772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426673)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tiamo-fishing001.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426673/; classtype:trojan-activity;sid:84289773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426674)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/27.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426674/; classtype:trojan-activity;sid:84289774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426663)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290abbd7-f4ec-65a2-231a-b2ec805ef976.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426663/; classtype:trojan-activity;sid:84289763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426664)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jn2021-mod_12-se-alquila-6.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426664/; classtype:trojan-activity;sid:84289764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426665)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/modern-kitchen-interior-design-5hqb384.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426665/; classtype:trojan-activity;sid:84289765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426655)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/16754553255bb41d62774a54f756c6495c43a2b8fc.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426655/; classtype:trojan-activity;sid:84289755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426656)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot-861.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426656/; classtype:trojan-activity;sid:84289756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426657)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chs-213-1397-tablas-de-perfiles.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426657/; classtype:trojan-activity;sid:84289757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426658)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/la-guajira-noticias-viernes-8-de-noviembre-de-2024.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426658/; classtype:trojan-activity;sid:84289758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426659)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sinai-pearl-grey-6.jpeg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426659/; classtype:trojan-activity;sid:84289759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426660)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_8729-2-1200x800.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426660/; classtype:trojan-activity;sid:84289760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426661)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2184684-150x150.png.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426661/; classtype:trojan-activity;sid:84289761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426662)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/craft-activity.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426662/; classtype:trojan-activity;sid:84289762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426640)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pengumuman-pelaksanaan-seleksi-kompetensi-bidang-skb-cat-kementerian-agama-tahun-anggaran-2024-signedpdf_compressed.pdf.lnk"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426640/; classtype:trojan-activity;sid:84289740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426641)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/combined-science-f3-cover-scaled.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426641/; classtype:trojan-activity;sid:84289741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426642)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jn_2025-curinf_01-1-1.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426642/; classtype:trojan-activity;sid:84289742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426643)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wie-lange-die-wirkung-von-cialis-20mg-anhalt.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426643/; classtype:trojan-activity;sid:84289743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426644)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/your-name.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426644/; classtype:trojan-activity;sid:84289744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426645)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-cachorro4-px.png.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426645/; classtype:trojan-activity;sid:84289745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426646)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/centrala-esprit-73825252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252b.jpg.lnk"; http_uri; depth:230; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426646/; classtype:trojan-activity;sid:84289746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426647)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/florida-permit4.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426647/; classtype:trojan-activity;sid:84289747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426648)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/atira_orgastore_410_5er_reling_ts_glas_ath_sorue_shop.jpg.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426648/; classtype:trojan-activity;sid:84289748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426649)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/international-women-day-img-3-725x544-1.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426649/; classtype:trojan-activity;sid:84289749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426650)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/certificado-iso-9001-hasta-febrero-2027.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426650/; classtype:trojan-activity;sid:84289750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426651)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descarga-2024-11-20t163319.654.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426651/; classtype:trojan-activity;sid:84289751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426652)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/601688be-1efa-c051-d71f-18dc4c268e78.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426652/; classtype:trojan-activity;sid:84289752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426653)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/09-2.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426653/; classtype:trojan-activity;sid:84289753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426654)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pmd-tbs-2-da-1.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426654/; classtype:trojan-activity;sid:84289754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426636)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oluce-catalogue-2020.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426636/; classtype:trojan-activity;sid:84289736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426637)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/700-1.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426637/; classtype:trojan-activity;sid:84289737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426638)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/e127f93f-10df-c886-a3b8-ea50c9b80869-scaled.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426638/; classtype:trojan-activity;sid:84289738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426639)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/el-super-mercado.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426639/; classtype:trojan-activity;sid:84289739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426628)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0424-1-1200x800.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426628/; classtype:trojan-activity;sid:84289728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426629)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot_20241202-234620.png.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426629/; classtype:trojan-activity;sid:84289729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426630)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/302.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426630/; classtype:trojan-activity;sid:84289730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426631)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/agronegocios-genesis-semillas-ficha-tecnica-esparrago-uc-157.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426631/; classtype:trojan-activity;sid:84289731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426632)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-1-1.png.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426632/; classtype:trojan-activity;sid:84289732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426633)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/street-style-botas-blancas-13-1631257199.jpg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426633/; classtype:trojan-activity;sid:84289733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426634)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oscar_cornago-se_alquila-la_construcci25252525252525252525c325252525252525252525b3n_de_un_archivo_vivo.pdf.lnk"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426634/; classtype:trojan-activity;sid:84289734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426635)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/poro_plush_thumb1.png.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426635/; classtype:trojan-activity;sid:84289735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426624)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1681910219613fff9e9eabfe792e24114ba4d954ec.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426624/; classtype:trojan-activity;sid:84289724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426625)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1009.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426625/; classtype:trojan-activity;sid:84289725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426626)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descarga-2024-11-20t202529.243.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426626/; classtype:trojan-activity;sid:84289726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426627)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/refri.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426627/; classtype:trojan-activity;sid:84289727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426618)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/carrossel-yucat.png.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426618/; classtype:trojan-activity;sid:84289718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426619)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-microorganismos-2020.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426619/; classtype:trojan-activity;sid:84289719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426620)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/03292dc5-ac4c-4f90-a186-00b34b7a9b58-scaled.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426620/; classtype:trojan-activity;sid:84289720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426621)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5273-2-1200x800.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426621/; classtype:trojan-activity;sid:84289721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426622)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chs-1683-4064-tablas-de-perfiles.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426622/; classtype:trojan-activity;sid:84289722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426623)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/artboard-14-1.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426623/; classtype:trojan-activity;sid:84289723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426608)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20190827_165253.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426608/; classtype:trojan-activity;sid:84289708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426609)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/abr-sesta-imid-nowotwory-dzieciece-2024-16-01-wer-2-1.pdf.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426609/; classtype:trojan-activity;sid:84289709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426610)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/banner-whatsapp.png.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426610/; classtype:trojan-activity;sid:84289710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426611)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2c446059-23fd-4f88-0239-fd262b487688.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426611/; classtype:trojan-activity;sid:84289711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426612)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jt-header07.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426612/; classtype:trojan-activity;sid:84289712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426613)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/product2525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252520catalog.pdf.lnk"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426613/; classtype:trojan-activity;sid:84289713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426614)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rl-40-4.jpeg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426614/; classtype:trojan-activity;sid:84289714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426615)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5b.2-labeling-components-pg2.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426615/; classtype:trojan-activity;sid:84289715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426616)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6-3.png.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426616/; classtype:trojan-activity;sid:84289716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426617)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/naranja-1024x1024.png.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426617/; classtype:trojan-activity;sid:84289717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426596)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20220427-wa0004.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426596/; classtype:trojan-activity;sid:84289696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426597)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/46836469258.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426597/; classtype:trojan-activity;sid:84289697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426598)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/43-santa-cruz-do-sul-br-471-prox.-cindapa-e-germani-alimentos-face-rio-pardo.jpg.lnk"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426598/; classtype:trojan-activity;sid:84289698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426599)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/01-2.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426599/; classtype:trojan-activity;sid:84289699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426600)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cata252525252525252525252525252525252525cc25252525252525252525252525252525252581logo-cti-slep-puerto-cordillera.pdf.lnk"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426600/; classtype:trojan-activity;sid:84289700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426601)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/328.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426601/; classtype:trojan-activity;sid:84289701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426602)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/26.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426602/; classtype:trojan-activity;sid:84289702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426603)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rt-35-rio-escondido-3-has-bardeadas-constellation-coca-y-br-14.jpeg.lnk"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426603/; classtype:trojan-activity;sid:84289703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426604)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9-11.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426604/; classtype:trojan-activity;sid:84289704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426605)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5-10.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426605/; classtype:trojan-activity;sid:84289705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426606)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hnh001a-copy.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426606/; classtype:trojan-activity;sid:84289706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426607)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b.jpg.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426607/; classtype:trojan-activity;sid:84289707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426588)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/92dc271f-00be-b13f-1a21-100b704e6876.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426588/; classtype:trojan-activity;sid:84289688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426589)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5621-1-1200x800.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426589/; classtype:trojan-activity;sid:84289689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426590)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/papaya-descriere-fruct-beneficii.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426590/; classtype:trojan-activity;sid:84289690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426591)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rtc-35-presentacion2-rio-escondido-3-has-bardeadas-constellation-coca-y-br-2.jpg.lnk"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426591/; classtype:trojan-activity;sid:84289691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426592)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/48-1.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426592/; classtype:trojan-activity;sid:84289692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426593)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b02e82e0-4389-e60f-2666-3739578d2650.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426593/; classtype:trojan-activity;sid:84289693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426594)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/71nfmz1lhql._ac_uf350350_ql80_.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426594/; classtype:trojan-activity;sid:84289694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426595)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/belizza_bb.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426595/; classtype:trojan-activity;sid:84289695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426583)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/marcelo-porto-de-galinhas-ext-alameda-r01resultado-me25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525cc2525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252581dio.jpeg.lnk"; http_uri; depth:264; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426583/; classtype:trojan-activity;sid:84289683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426584)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/14-decret-2005-062-redevance-ore.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426584/; classtype:trojan-activity;sid:84289684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426585)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preguntas-frecuentes-cupo-explora-unesco-admisio25252525252525252525252525252525252525cc2525252525252525252525252525252525252581n-2025.pdf.lnk"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426585/; classtype:trojan-activity;sid:84289685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426586)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/br1.png.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426586/; classtype:trojan-activity;sid:84289686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426587)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/laldenga-thusawi-25252525252525252525252525252525252525252540aizawl-lammual.pdf.lnk"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426587/; classtype:trojan-activity;sid:84289687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426578)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d9ff3187-cd3e-4f95-a878-9dc2343e67e6.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426578/; classtype:trojan-activity;sid:84289678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426579)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eduardoramosfotos-73.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426579/; classtype:trojan-activity;sid:84289679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426580)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/practice-exercise-4.0-instructions.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426580/; classtype:trojan-activity;sid:84289680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426581)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xanax-xr-3mg.png.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426581/; classtype:trojan-activity;sid:84289681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426582)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20200617-wa0014.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426582/; classtype:trojan-activity;sid:84289682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426575)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/taipan-tropical_5_11zon.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426575/; classtype:trojan-activity;sid:84289675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426576)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fitness.png.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426576/; classtype:trojan-activity;sid:84289676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426577)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/new-gift-cards_web.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426577/; classtype:trojan-activity;sid:84289677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426560)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/el-nino-la-nina-come.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426560/; classtype:trojan-activity;sid:84289660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426561)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/game-lol-cosplay-swift-scout-teemo-cosplay-hat-high-quality-plush-cute-cosplay-cap-cosplay-accessories.jpg_q90.jpg_.jpeg.lnk"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426561/; classtype:trojan-activity;sid:84289661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426562)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/office-gallery-12.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426562/; classtype:trojan-activity;sid:84289662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426563)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_8083.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426563/; classtype:trojan-activity;sid:84289663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426564)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foothills-cottage.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426564/; classtype:trojan-activity;sid:84289664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426565)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d_938557-mlu49581010763_042022-o-1.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426565/; classtype:trojan-activity;sid:84289665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426566)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/news-post-5.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426566/; classtype:trojan-activity;sid:84289666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426567)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/art.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426567/; classtype:trojan-activity;sid:84289667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426568)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/the_american_actress_olivia_de_havilland_wearing_a_christian_dior_wedding_dress_for_the_film_la_fille_de_l_ambassadeur_jpg_6656.jpg.lnk"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426568/; classtype:trojan-activity;sid:84289668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426569)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6133-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426569/; classtype:trojan-activity;sid:84289669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426570)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/office-gallery-10.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426570/; classtype:trojan-activity;sid:84289670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426571)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/htb15t4rajzuk1rjsspeq6zihvxaj.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426571/; classtype:trojan-activity;sid:84289671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426572)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1262258-scaled.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426572/; classtype:trojan-activity;sid:84289672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426573)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/177.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426573/; classtype:trojan-activity;sid:84289673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426574)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunny-light-slabs.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426574/; classtype:trojan-activity;sid:84289674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426555)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/office-gallery-9.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426555/; classtype:trojan-activity;sid:84289655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426556)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/33-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426556/; classtype:trojan-activity;sid:84289656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426557)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rt-35-rio-escondido-3-has-bardeadas-constellation-coca-y-br-20.jpeg.lnk"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426557/; classtype:trojan-activity;sid:84289657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426558)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/viste-a-la-nina-pdf.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426558/; classtype:trojan-activity;sid:84289658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426559)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/viber_image_2024-02-07_23-12-01-712.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426559/; classtype:trojan-activity;sid:84289659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426548)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_8716-copia.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426548/; classtype:trojan-activity;sid:84289648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426549)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1675455893d18287d3c70128cc018d7a1d28958d01.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426549/; classtype:trojan-activity;sid:84289649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426550)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lutron_qs_10_shade_wired_power_panel_detail_and_wiring.pdf.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426550/; classtype:trojan-activity;sid:84289650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426551)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3b6b462d-7139-c485-a851-2d81079459ba.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426551/; classtype:trojan-activity;sid:84289651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426552)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/woocommerce-placeholder.png.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426552/; classtype:trojan-activity;sid:84289652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426553)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20220427-wa0007.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426553/; classtype:trojan-activity;sid:84289653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426554)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/brosur-alat-bima-trade.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426554/; classtype:trojan-activity;sid:84289654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426543)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rt-35-rio-escondido-3-has-bardeadas-constellation-coca-y-br-1.jpg.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426543/; classtype:trojan-activity;sid:84289643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426544)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/240402-mc-salesperson-so-cal-job-description.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426544/; classtype:trojan-activity;sid:84289644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426545)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bachelor-of-commerce_programme_specific_outcomes.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426545/; classtype:trojan-activity;sid:84289645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426546)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screen-shot-2021-02-05-at-4.35.12-pm.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426546/; classtype:trojan-activity;sid:84289646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426547)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/03-communications-leadership-for-reputation.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426547/; classtype:trojan-activity;sid:84289647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426537)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/top-basic-2024_rsgl.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426537/; classtype:trojan-activity;sid:84289637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426538)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/marcelo-porto-de-galinhas-ext-alameda-r01resultado-me252525252525252525252525252525252525252525252525252525252525252525252525252525cc25252525252525252525252525252525252525252525252525252525252525252525252525252581dio.jpeg.lnk"; http_uri; depth:236; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426538/; classtype:trojan-activity;sid:84289638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426539)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oscar_cornago-se_alquila-la_construcci252525252525252525252525c3252525252525252525252525b3n_de_un_archivo_vivo.pdf.lnk"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426539/; classtype:trojan-activity;sid:84289639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426540)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/suku-berawa-scaled.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426540/; classtype:trojan-activity;sid:84289640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426541)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/205-45-zr17-tl-88w-reinf-carmile-sport-3686.png.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426541/; classtype:trojan-activity;sid:84289641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426542)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-15.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426542/; classtype:trojan-activity;sid:84289642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426530)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/c.jpg.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426530/; classtype:trojan-activity;sid:84289630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426531)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/veja-village-praia-ext-piscina-r01resultado-me25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525cc2525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252581dio.jpeg.lnk"; http_uri; depth:257; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426531/; classtype:trojan-activity;sid:84289631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426532)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ba_minis_00-1.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426532/; classtype:trojan-activity;sid:84289632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426533)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/analysis-of-risk-factors-for-neurodevelopment-and-visual-functions-in-the-preterm-infant-to-establish-an-early-detection-and-treatment.pdf.lnk"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426533/; classtype:trojan-activity;sid:84289633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426534)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/macallan-12-yo-double-cask-compressed.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426534/; classtype:trojan-activity;sid:84289634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426535)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/senna_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426535/; classtype:trojan-activity;sid:84289635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426536)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc03344-2-1200x800.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426536/; classtype:trojan-activity;sid:84289636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426518)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tiamo-fishing01.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426518/; classtype:trojan-activity;sid:84289618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426519)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vitabiotics-urunler.png.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426519/; classtype:trojan-activity;sid:84289619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426520)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circular-campeonato-provincial-lleida-2015.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426520/; classtype:trojan-activity;sid:84289620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426521)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/13077056_1184843924894094_9165480279004374996_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426521/; classtype:trojan-activity;sid:84289621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426522)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eni_6248.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426522/; classtype:trojan-activity;sid:84289622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426523)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/08-min.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426523/; classtype:trojan-activity;sid:84289623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426524)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/equipment-for-testing-with-1-kw-rated-pre-mixed-flame.pdf.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426524/; classtype:trojan-activity;sid:84289624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426525)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1783-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426525/; classtype:trojan-activity;sid:84289625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426526)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/st1.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426526/; classtype:trojan-activity;sid:84289626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426527)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/activities-in-school.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426527/; classtype:trojan-activity;sid:84289627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426528)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/telelink2.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426528/; classtype:trojan-activity;sid:84289628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426529)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/florida-tarpon11.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426529/; classtype:trojan-activity;sid:84289629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426511)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acer-nitro-5-ci5-gaming-1-6.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426511/; classtype:trojan-activity;sid:84289611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426512)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/calendario-carrera-de-medicina-y-odontologia.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426512/; classtype:trojan-activity;sid:84289612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426513)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/16754558936925ed631ee9369becec183aa6d5d84a.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426513/; classtype:trojan-activity;sid:84289613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426514)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20190704-wa0048.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426514/; classtype:trojan-activity;sid:84289614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426515)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jn2021-mod_12-se-alquila-10.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426515/; classtype:trojan-activity;sid:84289615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426516)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc04349-edit.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426516/; classtype:trojan-activity;sid:84289616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426517)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jn_2025-bogota_2025-6.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426517/; classtype:trojan-activity;sid:84289617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426503)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tiesiogines-rinkodaros-sutikimo-forma.docx.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426503/; classtype:trojan-activity;sid:84289603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426504)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/610-1.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426504/; classtype:trojan-activity;sid:84289604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426505)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/code-of-conduct-ext.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426505/; classtype:trojan-activity;sid:84289605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426506)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/68e382a2-8b27-3b09-d7f6-fde4bb785716.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426506/; classtype:trojan-activity;sid:84289606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426507)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jt-header06.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426507/; classtype:trojan-activity;sid:84289607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426508)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/produk-ekspor-marketplace.png.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426508/; classtype:trojan-activity;sid:84289608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426509)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/slide02.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426509/; classtype:trojan-activity;sid:84289609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426510)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/48.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426510/; classtype:trojan-activity;sid:84289610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426500)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/practice-exercise-6.1-answer.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426500/; classtype:trojan-activity;sid:84289600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426501)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8-14.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426501/; classtype:trojan-activity;sid:84289601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426502)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1706997668_kanser_g__n___2__2024-scaled.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426502/; classtype:trojan-activity;sid:84289602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426490)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-12.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426490/; classtype:trojan-activity;sid:84289590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426491)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-4-1-scaled.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426491/; classtype:trojan-activity;sid:84289591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426492)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bold-dark-orange-back-to-back-dj-party-instagram-post-900-x-500-px.jpg.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426492/; classtype:trojan-activity;sid:84289592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426493)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/camscanner-01-20-2025-16.51_1.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426493/; classtype:trojan-activity;sid:84289593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426494)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/445.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426494/; classtype:trojan-activity;sid:84289594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426495)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dis04.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426495/; classtype:trojan-activity;sid:84289595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426496)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/office-gallery-5.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426496/; classtype:trojan-activity;sid:84289596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426497)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/335.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426497/; classtype:trojan-activity;sid:84289597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426498)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/catalogo-primeras-capas.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426498/; classtype:trojan-activity;sid:84289598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426499)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descarga-2024-11-21t091253.552.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426499/; classtype:trojan-activity;sid:84289599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426480)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ofsted_report.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426480/; classtype:trojan-activity;sid:84289580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426481)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cuentas-de-cobro-internet.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426481/; classtype:trojan-activity;sid:84289581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426482)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rjsc-2018-04-26-10-26-29-150x150.png.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426482/; classtype:trojan-activity;sid:84289582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426483)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descarga-2024-11-21t115707.924.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426483/; classtype:trojan-activity;sid:84289583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426484)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/capsule-lifts.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426484/; classtype:trojan-activity;sid:84289584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426485)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/modern-new-luxury-bathroom-interior-design-h3xylf8.jpg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426485/; classtype:trojan-activity;sid:84289585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426486)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2e6886d5-db59-ebeb-af26-85272bdab795.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426486/; classtype:trojan-activity;sid:84289586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426487)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426487/; classtype:trojan-activity;sid:84289587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426488)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/office-gallery-2.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426488/; classtype:trojan-activity;sid:84289588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426489)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/viber_image_2024-02-07_23-11-17-378.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426489/; classtype:trojan-activity;sid:84289589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426472)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d_959607-mlu51195248774_082022-o.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426472/; classtype:trojan-activity;sid:84289572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426473)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pernambuco-tamarineira-int-layout-c-r01resultado-me25252525252525252525252525252525252525252525252525252525252525252525252525252525cc2525252525252525252525252525252525252525252525252525252525252525252525252525252581dio.jpeg.lnk"; http_uri; depth:238; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426473/; classtype:trojan-activity;sid:84289573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426474)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gxqfxlzxeaamvon-1024x768.jpeg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426474/; classtype:trojan-activity;sid:84289574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426475)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/khatmya-5.jpeg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426475/; classtype:trojan-activity;sid:84289575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426476)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/viber_image_2024-02-07_23-11-06-390.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426476/; classtype:trojan-activity;sid:84289576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426477)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunny-brushed-1.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426477/; classtype:trojan-activity;sid:84289577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426478)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/florida-permit1.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426478/; classtype:trojan-activity;sid:84289578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426479)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fama-sunny-hall-ext-area-comum-r03resultado-me25252525252525252525252525252525252525252525252525252525252525252525252525252525cc2525252525252525252525252525252525252525252525252525252525252525252525252525252581dio.jpeg.lnk"; http_uri; depth:233; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426479/; classtype:trojan-activity;sid:84289579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426465)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-dining-room-sunter-residence-sunter-agung-desain-arsitek-oleh-tms-creative.jpeg.lnk"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426465/; classtype:trojan-activity;sid:84289565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426466)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/380446_939990_whatsapp_image_2020_07_04_at_10.13.52__2_.jpeg.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426466/; classtype:trojan-activity;sid:84289566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426467)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultados-xix-trofeu-ciutat-de-lleida1.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426467/; classtype:trojan-activity;sid:84289567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426468)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jala-import.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426468/; classtype:trojan-activity;sid:84289568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426469)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zubeyde-sahin-tekstil-muhendisi-e1724236163855.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426469/; classtype:trojan-activity;sid:84289569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426470)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gf-noelia.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426470/; classtype:trojan-activity;sid:84289570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426471)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vivix-site-int-sala-janelao-r01resultado-me25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525cc2525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252581dio.jpeg.lnk"; http_uri; depth:254; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426471/; classtype:trojan-activity;sid:84289571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426461)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ciresele-acerola-barbados-cherry.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426461/; classtype:trojan-activity;sid:84289561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426462)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/shelter-island-e1474908608780.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426462/; classtype:trojan-activity;sid:84289562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426463)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vis_grl.xls.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426463/; classtype:trojan-activity;sid:84289563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426464)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mif.pdf.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426464/; classtype:trojan-activity;sid:84289564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426456)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunny-menia-brushed-2.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426456/; classtype:trojan-activity;sid:84289556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426457)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/108.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426457/; classtype:trojan-activity;sid:84289557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426458)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/grapesharvestint.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426458/; classtype:trojan-activity;sid:84289558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426459)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunny-menia-polished-slabs-4.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426459/; classtype:trojan-activity;sid:84289559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426460)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/download-1-150x150.png.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426460/; classtype:trojan-activity;sid:84289560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426451)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/shoulder-pulley-guide.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426451/; classtype:trojan-activity;sid:84289551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426452)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resolucio2525252525252525252525252525252525cc252525252525252525252525252525252581n-bases.pdf.lnk"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426452/; classtype:trojan-activity;sid:84289552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426453)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/trip-to-super-market.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426453/; classtype:trojan-activity;sid:84289553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426454)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/061.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426454/; classtype:trojan-activity;sid:84289554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426455)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/52126751_975410439314101_2764886352146202624_n.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426455/; classtype:trojan-activity;sid:84289555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426440)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/poro_plush_thumb2.png.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426440/; classtype:trojan-activity;sid:84289540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426441)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sticker-koin-nu.jpeg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426441/; classtype:trojan-activity;sid:84289541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426442)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descarga-4.jpeg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426442/; classtype:trojan-activity;sid:84289542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426443)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/explora_me25252525252525252525252525252525252525252525cc2525252525252525252525252525252525252525252581todo-cienti25252525252525252525252525252525252525252525cc2525252525252525252525252525252525252525252581fico_mv.pdf.lnk"; http_uri; depth:231; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426443/; classtype:trojan-activity;sid:84289543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426444)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-tbs-chess-b220-1.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426444/; classtype:trojan-activity;sid:84289544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426445)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rumah-minimalis-7.jpeg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426445/; classtype:trojan-activity;sid:84289545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426446)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/serbajenta-slabs-2.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426446/; classtype:trojan-activity;sid:84289546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426447)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-22901.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426447/; classtype:trojan-activity;sid:84289547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426448)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/50-resistance-band-exercises.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426448/; classtype:trojan-activity;sid:84289548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426449)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/senna_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426449/; classtype:trojan-activity;sid:84289549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426450)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descarga-2024-11-21t091246.919.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426450/; classtype:trojan-activity;sid:84289550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426431)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7329f7edb10e93141deb4ec10c727847.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426431/; classtype:trojan-activity;sid:84289531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426432)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jn_2025-bogota_2025-4.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426432/; classtype:trojan-activity;sid:84289532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426433)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20220727-wa0086.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426433/; classtype:trojan-activity;sid:84289533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426434)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-6305.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426434/; classtype:trojan-activity;sid:84289534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426435)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3f819802-15ac-5e66-c8a4-c91d38dbdf2c.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426435/; classtype:trojan-activity;sid:84289535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426436)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc04310-edit.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426436/; classtype:trojan-activity;sid:84289536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426437)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/w185.png.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426437/; classtype:trojan-activity;sid:84289537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426438)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/69.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426438/; classtype:trojan-activity;sid:84289538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426439)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wilber-big.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426439/; classtype:trojan-activity;sid:84289539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426424)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/edur3792-edit.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426424/; classtype:trojan-activity;sid:84289524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426425)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/asccw3.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426425/; classtype:trojan-activity;sid:84289525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426426)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/viber_image_2024-02-07_23-14-31-290-e1710718250210.jpg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426426/; classtype:trojan-activity;sid:84289526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426427)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/725.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426427/; classtype:trojan-activity;sid:84289527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426428)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kambio-eyewear-sunglasses-gigi-studios-billie-hoxagonal-caramel-6755-0-side.jpg.lnk"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426428/; classtype:trojan-activity;sid:84289528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426429)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/342e7f1d-99b5-41c5-b0ba-f763feed0867.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426429/; classtype:trojan-activity;sid:84289529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426430)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cirugia-general.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426430/; classtype:trojan-activity;sid:84289530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426419)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot-860.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426419/; classtype:trojan-activity;sid:84289519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426420)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/promo-gifts-2025-1.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426420/; classtype:trojan-activity;sid:84289520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426421)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/202004_web_rs_katalogcene.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426421/; classtype:trojan-activity;sid:84289521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426422)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gf-isabel.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426422/; classtype:trojan-activity;sid:84289522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426423)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jt-header02.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426423/; classtype:trojan-activity;sid:84289523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426416)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/89ff3d1f990396ae54b02f0e041e47be-2.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426416/; classtype:trojan-activity;sid:84289516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426417)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-9.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426417/; classtype:trojan-activity;sid:84289517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426418)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunny-menia-polished-3.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426418/; classtype:trojan-activity;sid:84289518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426406)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-32.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426406/; classtype:trojan-activity;sid:84289506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426407)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/16672169043041.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426407/; classtype:trojan-activity;sid:84289507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426408)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9ab6b126-f4d3-428c-4253-51e2861d31ac.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426408/; classtype:trojan-activity;sid:84289508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426409)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5-3.png.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426409/; classtype:trojan-activity;sid:84289509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426410)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aud-house-gallery-img.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426410/; classtype:trojan-activity;sid:84289510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426411)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/udhezimi-i-perbashket-nr.-1-date-09.01.2025-datat-msh-2025.pdf.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426411/; classtype:trojan-activity;sid:84289511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426412)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-6213.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426412/; classtype:trojan-activity;sid:84289512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426413)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot-859.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426413/; classtype:trojan-activity;sid:84289513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426414)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-02-22-at-15.46.18.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426414/; classtype:trojan-activity;sid:84289514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426415)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/07f49d20-3ed2-4b0d-8696-9562d6151ff4.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426415/; classtype:trojan-activity;sid:84289515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426400)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hnh106.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426400/; classtype:trojan-activity;sid:84289500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426401)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a2525252525252525252525252525252525252525252525cc252525252525252525252525252525252525252525252581lbum_explora_2017_2-1.pdf.lnk"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426401/; classtype:trojan-activity;sid:84289501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426402)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4400a.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426402/; classtype:trojan-activity;sid:84289502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426403)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-5.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426403/; classtype:trojan-activity;sid:84289503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426404)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/countertops-050-1.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426404/; classtype:trojan-activity;sid:84289504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426405)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20190704-wa0044.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426405/; classtype:trojan-activity;sid:84289505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426388)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0095-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426388/; classtype:trojan-activity;sid:84289488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426389)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5652-2-1200x800.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426389/; classtype:trojan-activity;sid:84289489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426390)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/704.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426390/; classtype:trojan-activity;sid:84289490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426391)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/f9a45a26-b534-85bb-3703-3796c9b6c5f1.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426391/; classtype:trojan-activity;sid:84289491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426392)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jn_2025-bogota_2025-8.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426392/; classtype:trojan-activity;sid:84289492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426393)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/artigo-edna-kauss.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426393/; classtype:trojan-activity;sid:84289493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426394)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cata252525252525252525252525252525252525cc25252525252525252525252525252525252581logo-cti-slep-gabriela-mistral.pdf.lnk"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426394/; classtype:trojan-activity;sid:84289494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426395)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screen-shot-2021-02-05-at-4.35.48-pm.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426395/; classtype:trojan-activity;sid:84289495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426396)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2019-relacion-provisional-con-licencias-hasta-el-30-de-junio.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426396/; classtype:trojan-activity;sid:84289496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426397)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/001_husary_fatiha.mp3.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426397/; classtype:trojan-activity;sid:84289497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426398)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cmm1.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426398/; classtype:trojan-activity;sid:84289498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426399)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_7925.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426399/; classtype:trojan-activity;sid:84289499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426381)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descarga-2024-11-20t180804.595.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426381/; classtype:trojan-activity;sid:84289481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426382)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2024mba301.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426382/; classtype:trojan-activity;sid:84289482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426383)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo_2025-01-14_13-35-33.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426383/; classtype:trojan-activity;sid:84289483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426384)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/304.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426384/; classtype:trojan-activity;sid:84289484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426385)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/demonstracija-loma-svjetlosti-ili-ili-refrakcije-refrakcija.jpg.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426385/; classtype:trojan-activity;sid:84289485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426386)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tork.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426386/; classtype:trojan-activity;sid:84289486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426387)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cubes.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426387/; classtype:trojan-activity;sid:84289487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426377)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot_20240518-232531.png.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426377/; classtype:trojan-activity;sid:84289477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426378)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b_luks_konut_insaati_ankara_1988.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426378/; classtype:trojan-activity;sid:84289478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426379)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-basic-components1.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426379/; classtype:trojan-activity;sid:84289479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426380)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/time-group.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426380/; classtype:trojan-activity;sid:84289480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426369)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-10-2-scaled.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426369/; classtype:trojan-activity;sid:84289469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426370)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/starmaxx-265-70-r19-5-tl-143-141j-lh-100-ecoplanet-26570195-6134.png.lnk"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426370/; classtype:trojan-activity;sid:84289470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426371)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descarga-2024-11-20t213207.510.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426371/; classtype:trojan-activity;sid:84289471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426372)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/e914ad58-8e43-e555-aa69-22d0e4d90706.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426372/; classtype:trojan-activity;sid:84289472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426373)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/insert-1-janks.mp3.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426373/; classtype:trojan-activity;sid:84289473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426374)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/e92b11ae622514c50056f53656cca2d7.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426374/; classtype:trojan-activity;sid:84289474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426375)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descarga.jpeg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426375/; classtype:trojan-activity;sid:84289475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426376)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/product2525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252520catalog.pdf.lnk"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426376/; classtype:trojan-activity;sid:84289476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426360)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/46834646935.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426360/; classtype:trojan-activity;sid:84289460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426361)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/armemos-la-granja.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426361/; classtype:trojan-activity;sid:84289461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426362)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4720.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426362/; classtype:trojan-activity;sid:84289462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426363)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/office-gallery-14.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426363/; classtype:trojan-activity;sid:84289463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426364)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/air-duct-toyota-oem.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426364/; classtype:trojan-activity;sid:84289464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426365)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/news-lett-er-may-september-2023.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426365/; classtype:trojan-activity;sid:84289465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426366)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-12.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426366/; classtype:trojan-activity;sid:84289466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426367)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/andaina4.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426367/; classtype:trojan-activity;sid:84289467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426368)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5-10pcs-new-game-lol-cosplay-swift-scout-teemo-cosplay-hat-high-quality-plush-cute-cosplay.jpg_q90.jpg_.jpeg.lnk"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426368/; classtype:trojan-activity;sid:84289468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426354)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spacious-living-room-interior-design-phrvd9s.jpg.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426354/; classtype:trojan-activity;sid:84289454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426355)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/357457258468.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426355/; classtype:trojan-activity;sid:84289455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426356)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gxwnkbgw0aacpxy-1024x682.jpeg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426356/; classtype:trojan-activity;sid:84289456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426357)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/e.jpg.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426357/; classtype:trojan-activity;sid:84289457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426358)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dscf8383-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426358/; classtype:trojan-activity;sid:84289458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426359)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/countertops20182-1.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426359/; classtype:trojan-activity;sid:84289459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426345)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/reglamento-cnj-20210904.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426345/; classtype:trojan-activity;sid:84289445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426346)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/c76f8240-0707-0d6e-e487-4d47c7017e17.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426346/; classtype:trojan-activity;sid:84289446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426347)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/alpes-inox-catalogoxl-strumentidoggi-2017-it_en.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426347/; classtype:trojan-activity;sid:84289447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426348)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2709-rot-iron-stand-square.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426348/; classtype:trojan-activity;sid:84289448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426349)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sea-glass-e1474908624392.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426349/; classtype:trojan-activity;sid:84289449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426350)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/t1-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426350/; classtype:trojan-activity;sid:84289450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426351)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/definitions-of-progressives-15a.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426351/; classtype:trojan-activity;sid:84289451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426352)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/superfood-03.png.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426352/; classtype:trojan-activity;sid:84289452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426353)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/la-lluvia_-viste-a-la-nina.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426353/; classtype:trojan-activity;sid:84289453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426341)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20190704-wa0049.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426341/; classtype:trojan-activity;sid:84289441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426342)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7-1.png.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426342/; classtype:trojan-activity;sid:84289442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426343)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-9.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426343/; classtype:trojan-activity;sid:84289443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426344)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/quartz-mudroom-3.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426344/; classtype:trojan-activity;sid:84289444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426335)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/granny-flat-gallery-img-02.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426335/; classtype:trojan-activity;sid:84289435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426336)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lutron_individual_power_supply_detail_and_wiring.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426336/; classtype:trojan-activity;sid:84289436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426337)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/viber_image_2024-02-07_23-11-43-654.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426337/; classtype:trojan-activity;sid:84289437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426338)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mnyw72gdxl6wpugmzrucszmjijxn6cmfbxznkycp.jpg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426338/; classtype:trojan-activity;sid:84289438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426339)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10-1.png.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426339/; classtype:trojan-activity;sid:84289439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426340)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eduardoramosfotos-31-1-scaled-1.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426340/; classtype:trojan-activity;sid:84289440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426329)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/holiday-vaganza.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426329/; classtype:trojan-activity;sid:84289429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426330)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sinai-pearl-grey-honed-3.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426330/; classtype:trojan-activity;sid:84289430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426331)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/air-duct2-toyota-oem.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426331/; classtype:trojan-activity;sid:84289431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426332)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5543-2-1200x800.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426332/; classtype:trojan-activity;sid:84289432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426333)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20220419-wa0010.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426333/; classtype:trojan-activity;sid:84289433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426334)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/303.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426334/; classtype:trojan-activity;sid:84289434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426317)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/as-header01.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426317/; classtype:trojan-activity;sid:84289417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426318)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d051221820805876e23f01821dbd66ff.jpg_720x720q801.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426318/; classtype:trojan-activity;sid:84289418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426319)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/viber_image_2024-02-07_23-12-10-564.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426319/; classtype:trojan-activity;sid:84289419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426320)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/encuesta-antofagasta-1-revdege07042017.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426320/; classtype:trojan-activity;sid:84289420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426321)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/058c016f-6902-8d3a-ea71-8d07127b8e4b.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426321/; classtype:trojan-activity;sid:84289421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426322)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/santo-antonio-do-descoberto-temporal-3ntlco.jpeg.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426322/; classtype:trojan-activity;sid:84289422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426323)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/office-gallery-13.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426323/; classtype:trojan-activity;sid:84289423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426324)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descarga-2024-11-20t204254.822.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426324/; classtype:trojan-activity;sid:84289424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426325)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jn_2025-bogota_2025-7.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426325/; classtype:trojan-activity;sid:84289425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426326)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descarga-2024-11-20t202525.979.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426326/; classtype:trojan-activity;sid:84289426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426327)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gesve.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426327/; classtype:trojan-activity;sid:84289427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426328)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hnh-fks.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426328/; classtype:trojan-activity;sid:84289428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426309)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dscf1511-1-1200x800.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426309/; classtype:trojan-activity;sid:84289409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426310)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3.-bitacora-252525252525252525252525252525252525252525c2252525252525252525252525252525252525252525bfen-que252525252525252525252525252525252525252525cc25252525252525252525252525252525252525252581-lugar-del-cosmos-estamos-situados-agp.pdf.lnk"; http_uri; depth:251; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426310/; classtype:trojan-activity;sid:84289410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426311)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iie-innovaci25252525252525252525252525252525252525252525252525c325252525252525252525252525252525252525252525252525b3n-valdivia-1024x576.jpg.lnk"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426311/; classtype:trojan-activity;sid:84289411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426312)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kx-tg6711_box-2243.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426312/; classtype:trojan-activity;sid:84289412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426313)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc04316-edit.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426313/; classtype:trojan-activity;sid:84289413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426314)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_8060.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426314/; classtype:trojan-activity;sid:84289414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426315)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gxne1lnxiaartil-1024x574.jpeg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426315/; classtype:trojan-activity;sid:84289415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426316)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/asociacion-usuarios.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426316/; classtype:trojan-activity;sid:84289416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426301)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/volantefelixtrujillo1.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426301/; classtype:trojan-activity;sid:84289401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426302)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urdher-nr.74-date-15.02.2024-per-miratimin-e-rregullores-per-zhvillimin-e-provimeve-kombetare-te-arsimit-baze.pdf.lnk"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426302/; classtype:trojan-activity;sid:84289402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426303)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pklns_20201004_174134-scaled.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426303/; classtype:trojan-activity;sid:84289403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426304)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2019-03-05-at-1.22.19-pm.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426304/; classtype:trojan-activity;sid:84289404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426305)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20200617-wa0010.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426305/; classtype:trojan-activity;sid:84289405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426306)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sinai-pearl-grey-honed-4.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426306/; classtype:trojan-activity;sid:84289406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426307)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/national-forest-tenure-dialogue-proceedings-eng.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426307/; classtype:trojan-activity;sid:84289407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426308)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/office-gallery-11.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426308/; classtype:trojan-activity;sid:84289408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426298)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/platinum-prosperity-persona.docx.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426298/; classtype:trojan-activity;sid:84289398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426299)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hettich-pag-web_kit-cajones-atira.jpg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426299/; classtype:trojan-activity;sid:84289399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426300)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/0467cf7c-9d39-315f-cea9-50cb988d3cb3-1.png.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426300/; classtype:trojan-activity;sid:84289400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426293)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/shalwar-kameez-designs.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426293/; classtype:trojan-activity;sid:84289393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426294)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_8580.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426294/; classtype:trojan-activity;sid:84289394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426295)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vis-skon-hag-li-verona-dyf.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426295/; classtype:trojan-activity;sid:84289395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426296)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eduardoramosfotos-62-scaled-1.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426296/; classtype:trojan-activity;sid:84289396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426297)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/prva-prava-bolest-kod-bebe.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426297/; classtype:trojan-activity;sid:84289397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426285)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/21hardwoodlivingroom.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426285/; classtype:trojan-activity;sid:84289385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426286)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d984d988d8b1d8a7d986-d8a8d988d8aad8a7d8b3d98ad988d985.jpg.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426286/; classtype:trojan-activity;sid:84289386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426287)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/office-gallery-8.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426287/; classtype:trojan-activity;sid:84289387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426288)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/378026_935623_hqs_senninha.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426288/; classtype:trojan-activity;sid:84289388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426289)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cnc-t1.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426289/; classtype:trojan-activity;sid:84289389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426290)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cp-9020209-na-gallery-cv450-psu-13-1.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426290/; classtype:trojan-activity;sid:84289390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426291)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/as-header08.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426291/; classtype:trojan-activity;sid:84289391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426292)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/khatemia-brushed2.jpeg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426292/; classtype:trojan-activity;sid:84289392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426278)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/office-gallery-3.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426278/; classtype:trojan-activity;sid:84289378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426279)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/htb1loqkd22h8kjjy1zkq6xr7pxal.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426279/; classtype:trojan-activity;sid:84289379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426280)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fd27bec4-f82a-9040-cfb0-5887a34d773c.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426280/; classtype:trojan-activity;sid:84289380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426281)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/673584845666.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426281/; classtype:trojan-activity;sid:84289381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426282)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jn_2025-bogota_2025-5.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426282/; classtype:trojan-activity;sid:84289382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426283)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5b.4-required-assignment.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426283/; classtype:trojan-activity;sid:84289383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426284)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/11-1-725x544-1.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426284/; classtype:trojan-activity;sid:84289384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426267)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circ_2207_2a_tirada_lliga_catalana_camp-20222862.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426267/; classtype:trojan-activity;sid:84289367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426268)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iie-innovaci2525252525252525252525252525252525252525252525252525252525c32525252525252525252525252525252525252525252525252525252525b3n-valdivia-1024x576.jpg.lnk"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426268/; classtype:trojan-activity;sid:84289368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426269)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/f218.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426269/; classtype:trojan-activity;sid:84289369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426270)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-7-1-scaled.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426270/; classtype:trojan-activity;sid:84289370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426271)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/29-2.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426271/; classtype:trojan-activity;sid:84289371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426272)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bomba-de-abastecimento-eletronica-wayne-3g-dupla.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426272/; classtype:trojan-activity;sid:84289372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426273)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/come-galletas.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426273/; classtype:trojan-activity;sid:84289373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426274)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/26175_14.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426274/; classtype:trojan-activity;sid:84289374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426275)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-sat-x300.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426275/; classtype:trojan-activity;sid:84289375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426276)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10-1-725x544-1.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426276/; classtype:trojan-activity;sid:84289376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426277)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-design-2023-12-06t130835.635.png.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426277/; classtype:trojan-activity;sid:84289377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426262)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/amended-articles-of-incorporation_change-of-principal-office-address.pdf.lnk"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426262/; classtype:trojan-activity;sid:84289362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426263)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/countertops-058.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426263/; classtype:trojan-activity;sid:84289363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426264)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4419-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426264/; classtype:trojan-activity;sid:84289364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426265)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/air-conditioning-duct-left-oem.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426265/; classtype:trojan-activity;sid:84289365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426266)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aud-house-gallery-img-02.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426266/; classtype:trojan-activity;sid:84289366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426258)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circ-1430-3a-tirada-liga-camp.doc.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426258/; classtype:trojan-activity;sid:84289358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426259)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2019-03-05-at-1.23.29-pm.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426259/; classtype:trojan-activity;sid:84289359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426260)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oscar_cornago-se_alquila-la_construcci2525252525252525252525c32525252525252525252525b3n_de_un_archivo_vivo.pdf.lnk"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426260/; classtype:trojan-activity;sid:84289360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426261)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descarga-5.jpeg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426261/; classtype:trojan-activity;sid:84289361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426254)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/alpes-inox-catalogoxl-liberiincucina-012017-it_en.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426254/; classtype:trojan-activity;sid:84289354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426255)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/asccw2.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426255/; classtype:trojan-activity;sid:84289355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426256)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gxm2kepxkaavchv-1024x618.jpeg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426256/; classtype:trojan-activity;sid:84289356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426257)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dhaka-chamber-of-commerce-industries-dcci-logo-a2d236de6f-seeklogo.com_-150x150.png.lnk"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426257/; classtype:trojan-activity;sid:84289357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426244)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jairo-rocha-aldeia-ext-piscina-r02resultado-me25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525cc2525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252581dio.jpeg.lnk"; http_uri; depth:257; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426244/; classtype:trojan-activity;sid:84289344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426245)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/43770-0ff363f7c8faeb6b2bf78c935f0421f44.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426245/; classtype:trojan-activity;sid:84289345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426246)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/seleccio25252525252525252525252525252525252525252525cc2525252525252525252525252525252525252525252581n-325252525252525252525252525252525252525252525c225252525252525252525252525252525252525252525b0-convocatoria.pdf.lnk"; http_uri; depth:227; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426246/; classtype:trojan-activity;sid:84289346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426247)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descarga-2024-11-21t121645.822.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426247/; classtype:trojan-activity;sid:84289347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426248)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardial-klinika-beograd-5.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426248/; classtype:trojan-activity;sid:84289348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426249)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3r-trofeu-sant-jordi.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426249/; classtype:trojan-activity;sid:84289349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426250)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hnh034.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426250/; classtype:trojan-activity;sid:84289350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426251)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8681bdf9-fe4a-a5a2-e1bc-3b3c16ffaf21.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426251/; classtype:trojan-activity;sid:84289351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426252)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sinai-pearl-grey-3.jpeg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426252/; classtype:trojan-activity;sid:84289352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426253)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/viber_image_2024-02-07_23-14-06-531.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426253/; classtype:trojan-activity;sid:84289353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426234)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tiamo-lodge78.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426234/; classtype:trojan-activity;sid:84289334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426235)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9168-tapisserie-chambord.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426235/; classtype:trojan-activity;sid:84289335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426236)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d911c93d-5852-5a59-952a-34a85888ffc2.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426236/; classtype:trojan-activity;sid:84289336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426237)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screen-shot-2021-02-05-at-4.36.44-pm.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426237/; classtype:trojan-activity;sid:84289337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426238)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/panasonic-kx-tgb110-cordless-phone-product-box-x800.jpg.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426238/; classtype:trojan-activity;sid:84289338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426239)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_8151.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426239/; classtype:trojan-activity;sid:84289339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426240)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/how-to-make-sensory-bag-for-child-sensorimotor-development-learning-olors.png.lnk"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426240/; classtype:trojan-activity;sid:84289340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426241)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tiamo-fishing04.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426241/; classtype:trojan-activity;sid:84289341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426242)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7dbb81_a42bdd37e62d4489b559942188da585f.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426242/; classtype:trojan-activity;sid:84289342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426243)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6daefe10-94b5-4283-8961-a866ecc274c1.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426243/; classtype:trojan-activity;sid:84289343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426223)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/amazon-5215-1024x1024.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426223/; classtype:trojan-activity;sid:84289323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426224)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/abr-sesta-imid-nowotwory-dzieciece-pretest-2025-01-16.pdf.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426224/; classtype:trojan-activity;sid:84289324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426225)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/grandparents-day-2.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426225/; classtype:trojan-activity;sid:84289325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426226)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vendet-e-lira-dt.-24.01.2025.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426226/; classtype:trojan-activity;sid:84289326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426227)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/does-nitroglycerin-pills-work-like-viagra.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426227/; classtype:trojan-activity;sid:84289327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426228)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5b.1-labeling-components.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426228/; classtype:trojan-activity;sid:84289328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426229)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mfin_por_09.30.2024.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426229/; classtype:trojan-activity;sid:84289329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426230)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ba_minis_04-2.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426230/; classtype:trojan-activity;sid:84289330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426231)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m.a-course-details-.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426231/; classtype:trojan-activity;sid:84289331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426232)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardial-klinika-beograd-4.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426232/; classtype:trojan-activity;sid:84289332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426233)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gxwpg9xx0aawaeh-1024x683.jpeg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426233/; classtype:trojan-activity;sid:84289333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426220)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/viber_image_2024-02-07_23-13-51-662.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426220/; classtype:trojan-activity;sid:84289320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426221)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/czujka-magnetyczna-b-1br1.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426221/; classtype:trojan-activity;sid:84289321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426222)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-02-22-at-15.46.18-2.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426222/; classtype:trojan-activity;sid:84289322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426216)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/florida-tarpon6.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426216/; classtype:trojan-activity;sid:84289316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426217)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rosegarden_logo.png.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426217/; classtype:trojan-activity;sid:84289317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426218)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iie-formativo-cs-nat-1024x576.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426218/; classtype:trojan-activity;sid:84289318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426219)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-st-khelo-chess-academy-international-open-fide-rating-chess-tournament_20241114_125636_0000.pdf.lnk"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426219/; classtype:trojan-activity;sid:84289319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426214)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lavadora.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426214/; classtype:trojan-activity;sid:84289314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426215)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/30f21c9f-5886-bfe6-4c99-14ef8e125ec5.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426215/; classtype:trojan-activity;sid:84289315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426204)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/grp4final.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426204/; classtype:trojan-activity;sid:84289304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426205)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_2755-2-1200x800.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426205/; classtype:trojan-activity;sid:84289305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426206)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/varanda01-me25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525cc2525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252581dio.jpeg.lnk"; http_uri; depth:223; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426206/; classtype:trojan-activity;sid:84289306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426207)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jn2021-mod_12-img-20211108-wa0011.jpg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426207/; classtype:trojan-activity;sid:84289307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426208)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tr1007.png.webp.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426208/; classtype:trojan-activity;sid:84289308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426209)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/item_xxl_46089865_d6c0174b8db07.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426209/; classtype:trojan-activity;sid:84289309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426210)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_7916-copy.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426210/; classtype:trojan-activity;sid:84289310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426211)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9e24205e-feda-f459-eade-f75bf8f270fa.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426211/; classtype:trojan-activity;sid:84289311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426212)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/queen-mary-university-trip-img-21-408x544-1.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426212/; classtype:trojan-activity;sid:84289312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426213)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sinai-pearl-grey-1.jpeg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426213/; classtype:trojan-activity;sid:84289313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426193)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/48a256b9-0744-99cf-28bd-57fdc9390bcb.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426193/; classtype:trojan-activity;sid:84289293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426194)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hnh039.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426194/; classtype:trojan-activity;sid:84289294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426195)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rutina-ban2525252525252525252525252525252525252525252525252525252525252525252525252525252525252525cc252525252525252525252525252525252525252525252525252525252525252525252525252525252525252583o-.pdf.lnk"; http_uri; depth:211; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426195/; classtype:trojan-activity;sid:84289295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426196)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/art-scaled.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426196/; classtype:trojan-activity;sid:84289296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426197)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/khatemia.jpeg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426197/; classtype:trojan-activity;sid:84289297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426198)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jt-header05.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426198/; classtype:trojan-activity;sid:84289298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426199)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/374.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426199/; classtype:trojan-activity;sid:84289299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426200)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hal2525252525252525252525252525c42525252525252525252525252525b1-2.png.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426200/; classtype:trojan-activity;sid:84289300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426201)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/serbajenta-slabs-1.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426201/; classtype:trojan-activity;sid:84289301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426202)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plan-de-travail-1.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426202/; classtype:trojan-activity;sid:84289302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426203)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a02a8dff-03af-7d79-13c9-9332680ea78a.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426203/; classtype:trojan-activity;sid:84289303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426183)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/how-to-make-a-homemade-volcano-3-types-of-volcano-cinder-cone-shield-and-composite-volcanoes.jpg.lnk"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426183/; classtype:trojan-activity;sid:84289283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426184)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descarga-2024-11-21t121636.345.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426184/; classtype:trojan-activity;sid:84289284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426185)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ba_minis_02-1.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426185/; classtype:trojan-activity;sid:84289285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426186)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/s-l1600-2-1024x543.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426186/; classtype:trojan-activity;sid:84289286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426187)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mikro-tipis.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426187/; classtype:trojan-activity;sid:84289287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426188)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/modelo-04.02-presentacion-de-candidatura-jueces-arbitros-a-miembro-de-la-asamblea-general.doc.lnk"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426188/; classtype:trojan-activity;sid:84289288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426189)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_7950.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426189/; classtype:trojan-activity;sid:84289289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426190)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-design-1.png.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426190/; classtype:trojan-activity;sid:84289290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426191)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/about-slide1.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426191/; classtype:trojan-activity;sid:84289291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426192)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5691-055.084-10x8cm-1.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426192/; classtype:trojan-activity;sid:84289292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426181)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mueble-marron-dos-cuerpos_a.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426181/; classtype:trojan-activity;sid:84289281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426182)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/czujkacobalt_plus_.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426182/; classtype:trojan-activity;sid:84289282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426175)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/media-4-1.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426175/; classtype:trojan-activity;sid:84289275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426176)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/assessment-25252525252525252525252525252525252525252525252525252525252525e225252525252525252525252525252525252525252525252525252525252525802525252525252525252525252525252525252525252525252525252525252593-1.jpg.lnk"; http_uri; depth:224; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426176/; classtype:trojan-activity;sid:84289276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426177)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jn_2025-bogota_2025-2.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426177/; classtype:trojan-activity;sid:84289277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426178)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-loi-elec-98-032.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426178/; classtype:trojan-activity;sid:84289278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426179)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-6211.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426179/; classtype:trojan-activity;sid:84289279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426180)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6001-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426180/; classtype:trojan-activity;sid:84289280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426169)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/prospectus-for-fyjcsyjcca-foundation-2020-22-3.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426169/; classtype:trojan-activity;sid:84289269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426170)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/01-1.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426170/; classtype:trojan-activity;sid:84289270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426171)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resolucio25252525252525252525252525252525cc2525252525252525252525252525252581n-bases.pdf.lnk"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426171/; classtype:trojan-activity;sid:84289271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426172)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-3.png.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426172/; classtype:trojan-activity;sid:84289272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426173)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/viber_image_2024-02-07_23-12-42-667-e1710718183798.jpg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426173/; classtype:trojan-activity;sid:84289273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426174)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5523-1-533x800.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426174/; classtype:trojan-activity;sid:84289274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426160)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot_20240516-234944.png.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426160/; classtype:trojan-activity;sid:84289260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426161)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunny-menia.jpeg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426161/; classtype:trojan-activity;sid:84289261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426162)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/f-a-formulario-investigacion-ciencias-naturales-crecyt2019_20-05-2019.docx.lnk"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426162/; classtype:trojan-activity;sid:84289262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426163)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/khaadi-simple-abaya.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426163/; classtype:trojan-activity;sid:84289263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426164)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardial-klinika-beograd-mila-zivojinovic.jpg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426164/; classtype:trojan-activity;sid:84289264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426165)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/artboard-13-1.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426165/; classtype:trojan-activity;sid:84289265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426166)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/as-header06.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426166/; classtype:trojan-activity;sid:84289266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426167)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/metro-shoes-spring-fashion.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426167/; classtype:trojan-activity;sid:84289267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426168)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3633-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426168/; classtype:trojan-activity;sid:84289268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426151)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/czujka-magnetycznab-4m.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426151/; classtype:trojan-activity;sid:84289251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426152)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/explora_me25252525252525252525252525252525252525252525252525cc2525252525252525252525252525252525252525252525252581todo-cienti25252525252525252525252525252525252525252525252525cc2525252525252525252525252525252525252525252525252581fico_mv.pdf.lnk"; http_uri; depth:255; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426152/; classtype:trojan-activity;sid:84289252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426153)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardial-klinika-beograd-3.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426153/; classtype:trojan-activity;sid:84289253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426154)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-reglamento-torneo-de-debates-escolares-en-c-y-t-explora-2017.pdf.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426154/; classtype:trojan-activity;sid:84289254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426155)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/217503653_10223527311425403_5394690085267293825_n.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426155/; classtype:trojan-activity;sid:84289255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426156)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pauta-evaluacion-escrito.doc.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426156/; classtype:trojan-activity;sid:84289256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426157)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9-1-725x544-1.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426157/; classtype:trojan-activity;sid:84289257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426158)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acmbf.jpeg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426158/; classtype:trojan-activity;sid:84289258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426159)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1522968a-a2a9-772e-6afb-b32bbc290943.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426159/; classtype:trojan-activity;sid:84289259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426144)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dscf1491-1-1200x800.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426144/; classtype:trojan-activity;sid:84289244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426145)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nagata-drill.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426145/; classtype:trojan-activity;sid:84289245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426146)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/how-to-make-origami-house-diagram.jpg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426146/; classtype:trojan-activity;sid:84289246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426147)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/infinity-clear-ntsc.jpg.webp.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426147/; classtype:trojan-activity;sid:84289247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426148)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2025-01-22-at-13.26.27-e1738089845227.jpeg.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426148/; classtype:trojan-activity;sid:84289248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426149)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/07-min.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426149/; classtype:trojan-activity;sid:84289249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426150)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/what-is-the-cost-of-10-pills-ot-10-milligrams-of-cialis.pdf.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426150/; classtype:trojan-activity;sid:84289250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426136)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/arm-support-honda-oem.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426136/; classtype:trojan-activity;sid:84289236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426137)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc03320-2-1200x800.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426137/; classtype:trojan-activity;sid:84289237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426138)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/yyy.png.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426138/; classtype:trojan-activity;sid:84289238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426139)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/copie-a-fisierului-autism-voice-logo-pack_landscape-pozitiv-e1708935372981-1024x393.png.lnk"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426139/; classtype:trojan-activity;sid:84289239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426140)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-30-1-scaled.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426140/; classtype:trojan-activity;sid:84289240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426141)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/notification-round-i-guart-22.1.21-v1.5.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426141/; classtype:trojan-activity;sid:84289241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426142)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kako-iskoristiti-znanost-za-napuhati-balon.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426142/; classtype:trojan-activity;sid:84289242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426143)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ao-1773-auxilio-moradia.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426143/; classtype:trojan-activity;sid:84289243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426131)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resolucio252525252525252525252525252525252525cc25252525252525252525252525252525252581n-bases.pdf.lnk"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426131/; classtype:trojan-activity;sid:84289231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426132)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/313.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426132/; classtype:trojan-activity;sid:84289232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426133)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6-decret-2021-326.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426133/; classtype:trojan-activity;sid:84289233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426134)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-bld-101r-1.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426134/; classtype:trojan-activity;sid:84289234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426135)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/florida-tarpon3.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426135/; classtype:trojan-activity;sid:84289235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426127)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_7933-1.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426127/; classtype:trojan-activity;sid:84289227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426128)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vendet-e-lira-dt.-03.02.2025.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426128/; classtype:trojan-activity;sid:84289228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426129)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screen-shot-2022-04-27-at-2.26.13-pm.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426129/; classtype:trojan-activity;sid:84289229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426130)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/carta-de-compromiso-pipe-2022.docx.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426130/; classtype:trojan-activity;sid:84289230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426117)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/067.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426117/; classtype:trojan-activity;sid:84289217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426118)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rt-35-rio-escondido-3-has-bardeadas-constellation-coca-y-br-2.jpeg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426118/; classtype:trojan-activity;sid:84289218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426119)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gxqfxlwwqaab21s-1024x768.jpeg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426119/; classtype:trojan-activity;sid:84289219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426120)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_8007.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426120/; classtype:trojan-activity;sid:84289220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426121)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cambridge_pansu_2.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426121/; classtype:trojan-activity;sid:84289221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426122)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descarga-2024-11-20t172227.950.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426122/; classtype:trojan-activity;sid:84289222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426123)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/florida-permit3.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426123/; classtype:trojan-activity;sid:84289223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426124)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/c22f73c6-6e1b-a837-5762-1fea11721d62.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426124/; classtype:trojan-activity;sid:84289224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426125)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/women-1800x1200-1-1024x683.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426125/; classtype:trojan-activity;sid:84289225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426126)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/centrala-esprit-7382525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252b.jpg.lnk"; http_uri; depth:202; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426126/; classtype:trojan-activity;sid:84289226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426109)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot_20240516-191924.png.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426109/; classtype:trojan-activity;sid:84289209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426110)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presentacion-auscham-2024.pptx.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426110/; classtype:trojan-activity;sid:84289210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426111)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/362.jpg.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426111/; classtype:trojan-activity;sid:84289211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426112)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-ewl-2422-e1536124749658.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426112/; classtype:trojan-activity;sid:84289212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426113)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8-6.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426113/; classtype:trojan-activity;sid:84289213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426114)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tondeuse-cheveux-daling-dl-1538-a.jpg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426114/; classtype:trojan-activity;sid:84289214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426115)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rl-40-3-1.jpeg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426115/; classtype:trojan-activity;sid:84289215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426116)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kc_bn.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426116/; classtype:trojan-activity;sid:84289216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426104)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/167545589331ecbdf48752112801d9edb16fd23860.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426104/; classtype:trojan-activity;sid:84289204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426105)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/savannah-e1474908631571.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426105/; classtype:trojan-activity;sid:84289205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426106)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eduardoramosfotos-16-3.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426106/; classtype:trojan-activity;sid:84289206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426107)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_8578.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426107/; classtype:trojan-activity;sid:84289207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426108)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot_20250122_205408_canva-2-797x1030.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426108/; classtype:trojan-activity;sid:84289208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426096)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/p178701-decim_cr.docx.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426096/; classtype:trojan-activity;sid:84289196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426097)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/46-blitar.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426097/; classtype:trojan-activity;sid:84289197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426098)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2019-03-06-at-6.30.32-am.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426098/; classtype:trojan-activity;sid:84289198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426099)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hettich-pag-web_accesorios-prueba-kit-cajones-hettich.jpg.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426099/; classtype:trojan-activity;sid:84289199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426100)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/contrato-003-.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426100/; classtype:trojan-activity;sid:84289200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426101)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b_ankara_asi_serum_biyolojik_madde_ve_ilac_kontrol_enstitusu_1_kisim_insaati_2004_1.jpg.lnk"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426101/; classtype:trojan-activity;sid:84289201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426102)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/305.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426102/; classtype:trojan-activity;sid:84289202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426103)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cofre-de-juguetes.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426103/; classtype:trojan-activity;sid:84289203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426090)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/box_limited_edition_new_design3-scaled.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426090/; classtype:trojan-activity;sid:84289190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426091)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/apisan-forte-indicatii-si-beneficii-2.png.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426091/; classtype:trojan-activity;sid:84289191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426092)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5-3.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426092/; classtype:trojan-activity;sid:84289192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426093)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gxne1k3xyaaaqrz-1024x574.jpeg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426093/; classtype:trojan-activity;sid:84289193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426094)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot_20240516-190731.png.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426094/; classtype:trojan-activity;sid:84289194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426095)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot_20250126_161400_canva-781x1030.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426095/; classtype:trojan-activity;sid:84289195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426086)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-08-22-at-07.54.51.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426086/; classtype:trojan-activity;sid:84289186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426087)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/27-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426087/; classtype:trojan-activity;sid:84289187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426088)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-1-4-scaled.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426088/; classtype:trojan-activity;sid:84289188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426089)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/110.png.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426089/; classtype:trojan-activity;sid:84289189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426071)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descubriendo-nuestro-planeta.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426071/; classtype:trojan-activity;sid:84289171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426072)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/origami-pig-diagram.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426072/; classtype:trojan-activity;sid:84289172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426073)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/11-6.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426073/; classtype:trojan-activity;sid:84289173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426074)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/alquran-kuno-ilustrasi-_140701112657-463.jpg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426074/; classtype:trojan-activity;sid:84289174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426075)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/your-name-back.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426075/; classtype:trojan-activity;sid:84289175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426076)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dossier-2023-2024-par-explora-rmsp.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426076/; classtype:trojan-activity;sid:84289176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426077)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_8065.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426077/; classtype:trojan-activity;sid:84289177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426078)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/matsamo-rooms.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426078/; classtype:trojan-activity;sid:84289178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426079)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fb-formulario-investigacion-ciencias-sociales-crecyt2018-rmso.docx.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426079/; classtype:trojan-activity;sid:84289179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426080)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/shutterstock_170475806-2.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426080/; classtype:trojan-activity;sid:84289180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426081)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/your-name-front.png.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426081/; classtype:trojan-activity;sid:84289181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426082)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2018-kawaii-swift-scout-timor-teemo-s-hat-men-women-lol-merchandise-side-cosplay-party-warm.jpg_q90.jpg_.jpeg.lnk"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426082/; classtype:trojan-activity;sid:84289182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426083)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1675178912043894fcbf4fd4597b0cfb98aaa065eb.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426083/; classtype:trojan-activity;sid:84289183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426084)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc7631-scaled.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426084/; classtype:trojan-activity;sid:84289184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426085)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/catalogo_misterbrand_setorautomovel_pt.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426085/; classtype:trojan-activity;sid:84289185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426068)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ite-724x1024.png.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426068/; classtype:trojan-activity;sid:84289168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426069)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tekstil-sektorunun-oncu-aktorleri2.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426069/; classtype:trojan-activity;sid:84289169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426070)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/the-best-is-yet-to-come-for-indian-pr-agencies-ashwani-singla-1.pdf.lnk"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426070/; classtype:trojan-activity;sid:84289170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426061)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sec-cert.-amended-by-laws-12.03.2012.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426061/; classtype:trojan-activity;sid:84289161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426062)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cetim-prime-black-5169_-1024x1024.jpg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426062/; classtype:trojan-activity;sid:84289162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426063)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eduardoramosfotos-40-1.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426063/; classtype:trojan-activity;sid:84289163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426064)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vr-2-25-camino-al-remolino-125000-dlls.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426064/; classtype:trojan-activity;sid:84289164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426065)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5.-bitacora-252525252525252525252525252525252525252525c2252525252525252525252525252525252525252525bfque252525252525252525252525252525252525252525cc25252525252525252525252525252525252525252581-haremos-nosotros-para-cuidar-nuestro-cielo-agp.pdf.lnk"; http_uri; depth:257; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426065/; classtype:trojan-activity;sid:84289165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426066)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4481-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426066/; classtype:trojan-activity;sid:84289166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426067)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/50-100pcs-game-lol-cosplay-swift-scout-teemo-cosplay-hat-high-quality-plush-cute-cosplay-cap.jpg_220x220q90.jpg_.jpeg.lnk"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426067/; classtype:trojan-activity;sid:84289167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426054)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kids-and-cabernet-persona.docx.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426054/; classtype:trojan-activity;sid:84289154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426055)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1262221-scaled.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426055/; classtype:trojan-activity;sid:84289155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426056)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mayor-upmayor.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426056/; classtype:trojan-activity;sid:84289156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426057)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/social-media-policy2010.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426057/; classtype:trojan-activity;sid:84289157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426058)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rosii-tomate-date-nutritionale.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426058/; classtype:trojan-activity;sid:84289158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426059)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardial-klinika-beograd.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426059/; classtype:trojan-activity;sid:84289159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426060)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardial-klinika-beograd-dragana-zivojinovic-ganem.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426060/; classtype:trojan-activity;sid:84289160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426051)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circ-7313-entrenador-pla-tecnificiacio-base2.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426051/; classtype:trojan-activity;sid:84289151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426052)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m500303_0004054_p.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426052/; classtype:trojan-activity;sid:84289152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426053)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bib_cheval_2l.143.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426053/; classtype:trojan-activity;sid:84289153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426042)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/formulariopersonanaturalbogota.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426042/; classtype:trojan-activity;sid:84289142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426043)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4.-bitacora-252525252525252525252525252525252525252525c2252525252525252525252525252525252525252525bfque252525252525252525252525252525252525252525cc25252525252525252525252525252525252525252581-hay-en-el-cielo-para-orientarse-en-la-tierra-agp.pdf.lnk"; http_uri; depth:259; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426043/; classtype:trojan-activity;sid:84289143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426044)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/adulto-prestan.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426044/; classtype:trojan-activity;sid:84289144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426045)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultados-prov-xix-torfeo-ciutat-de-lleida1.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426045/; classtype:trojan-activity;sid:84289145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426046)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/moffi-mouse-y-tecl-1024x587.png.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426046/; classtype:trojan-activity;sid:84289146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426047)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-17-3-scaled.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426047/; classtype:trojan-activity;sid:84289147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426048)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estudios-previos20240314_09534724.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426048/; classtype:trojan-activity;sid:84289148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426049)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/construction-chemicals-house-model.pdf2525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252520.lnk"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426049/; classtype:trojan-activity;sid:84289149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426050)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/daftar-nominatif-pantarlih-pemilu-tahun-2024-kecamatan-cileles.pdf.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426050/; classtype:trojan-activity;sid:84289150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426034)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hiew-boon-thong.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426034/; classtype:trojan-activity;sid:84289134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426035)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/florida-permit2.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426035/; classtype:trojan-activity;sid:84289135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426036)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/newsflash-26th-30th-august-2024-1.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426036/; classtype:trojan-activity;sid:84289136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426037)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sitron.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426037/; classtype:trojan-activity;sid:84289137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426038)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d5c69c247fb188efd1a018.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426038/; classtype:trojan-activity;sid:84289138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426039)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/34.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426039/; classtype:trojan-activity;sid:84289139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426040)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0015.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426040/; classtype:trojan-activity;sid:84289140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426041)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/local-158.jpeg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426041/; classtype:trojan-activity;sid:84289141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426026)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-1-scaled.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426026/; classtype:trojan-activity;sid:84289126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426027)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/web-check-in-nam-air.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426027/; classtype:trojan-activity;sid:84289127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426028)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/066.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426028/; classtype:trojan-activity;sid:84289128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426029)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/589357346.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426029/; classtype:trojan-activity;sid:84289129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426030)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/business-conference-rear-view-people-waiting-elevator-office-135725292_easy-resize.com_.jpg.lnk"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426030/; classtype:trojan-activity;sid:84289130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426031)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eduardoramosfotos-17-2-scaled-1.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426031/; classtype:trojan-activity;sid:84289131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426032)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-3.png.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426032/; classtype:trojan-activity;sid:84289132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426033)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mis-report-template.xlsx.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426033/; classtype:trojan-activity;sid:84289133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426020)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/commercial-lift-500x500_easy-resize.com_.jpg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426020/; classtype:trojan-activity;sid:84289120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426021)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/50-mini-resistance-band-exercises.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426021/; classtype:trojan-activity;sid:84289121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426022)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hnh-eg.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426022/; classtype:trojan-activity;sid:84289122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426023)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descarga-3.jpeg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426023/; classtype:trojan-activity;sid:84289123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426024)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/golden-berries-fresh-harvest.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426024/; classtype:trojan-activity;sid:84289124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426025)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/contoh-perhitungan-pajak-dokter-jasakonsultanpajakid.pdf.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426025/; classtype:trojan-activity;sid:84289125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426014)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardial-klinika-beograd-1.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426014/; classtype:trojan-activity;sid:84289114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426015)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/how-to-get-a-doctor-to-prescribe-cialis.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426015/; classtype:trojan-activity;sid:84289115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426016)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/e27c5431-b7cf-1c6a-2956-ac5cf647327f.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426016/; classtype:trojan-activity;sid:84289116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426017)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/revistaexplora_2020_5.3.2021.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426017/; classtype:trojan-activity;sid:84289117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426018)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sinai-pearl-beige-brushed.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426018/; classtype:trojan-activity;sid:84289118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426019)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descarga-2024-11-20t180518.845.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426019/; classtype:trojan-activity;sid:84289119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426008)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gallery_gallileeship.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426008/; classtype:trojan-activity;sid:84289108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426009)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/asccw.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426009/; classtype:trojan-activity;sid:84289109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426010)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/download-1-1.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426010/; classtype:trojan-activity;sid:84289110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426011)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-16-1-scaled.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426011/; classtype:trojan-activity;sid:84289111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426012)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58678bde-0e7e-d680-11e1-84a4457b0995.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426012/; classtype:trojan-activity;sid:84289112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426013)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-03-29-at-7.18.27-pm.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426013/; classtype:trojan-activity;sid:84289113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425999)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-brand.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425999/; classtype:trojan-activity;sid:84289099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426000)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/31054663_2103298766569276_5825003104042483712_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426000/; classtype:trojan-activity;sid:84289100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426001)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/029.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426001/; classtype:trojan-activity;sid:84289101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426002)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/85.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426002/; classtype:trojan-activity;sid:84289102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426003)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jn_2025-bogota_2025-3.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426003/; classtype:trojan-activity;sid:84289103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426004)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6647-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426004/; classtype:trojan-activity;sid:84289104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426005)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2020-10-30-at-6.04.18-pm.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426005/; classtype:trojan-activity;sid:84289105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426006)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20220419-wa0013.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426006/; classtype:trojan-activity;sid:84289106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3426007)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/645_a.jp-2.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3426007/; classtype:trojan-activity;sid:84289107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425993)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1584823489114_paul-esch-laurent-8ssnfn4vplg-unsplash-1024x683.jpg.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425993/; classtype:trojan-activity;sid:84289093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425994)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/can-i-get-viagra-over-the-counter-at-cvs.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425994/; classtype:trojan-activity;sid:84289094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425995)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/taller-estructuremos-oraciones.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425995/; classtype:trojan-activity;sid:84289095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425996)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_2183-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425996/; classtype:trojan-activity;sid:84289096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425997)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8-1.png.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425997/; classtype:trojan-activity;sid:84289097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425998)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/product25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252520catalog.pdf.lnk"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425998/; classtype:trojan-activity;sid:84289098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425986)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wise-account-details-payer-67446614.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425986/; classtype:trojan-activity;sid:84289086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425987)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urdher-nr.66-date-13.02.2024-miratimin-e-rregullores-per-vleresimin-e-arritjeve-te-nxenesve-ne-arsimin-fillor.pdf.lnk"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425987/; classtype:trojan-activity;sid:84289087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425988)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/viste-al-nino.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425988/; classtype:trojan-activity;sid:84289088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425989)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/16754558835446ea54bc458eaad3e71ad666d7fdf8.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425989/; classtype:trojan-activity;sid:84289089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425990)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descarga-2024-11-20t204300.262.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425990/; classtype:trojan-activity;sid:84289090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425991)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-31-1-scaled.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425991/; classtype:trojan-activity;sid:84289091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425992)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mint-1-25-5-2021.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425992/; classtype:trojan-activity;sid:84289092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425979)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vivix-site-int-sala-janelao-r01resultado-me25252525252525252525252525252525252525252525252525252525252525252525252525252525cc2525252525252525252525252525252525252525252525252525252525252525252525252525252581dio.jpeg.lnk"; http_uri; depth:230; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425979/; classtype:trojan-activity;sid:84289079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425980)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gk-steel-application-form.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425980/; classtype:trojan-activity;sid:84289080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425981)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/florida-tarpon12.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425981/; classtype:trojan-activity;sid:84289081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425982)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/canciones-para-estimular-el-lenguaje.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425982/; classtype:trojan-activity;sid:84289082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425983)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tbl_articles_article_31320_177cdc9a513-c413-474a-9e5b-76426e843098.jpg.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425983/; classtype:trojan-activity;sid:84289083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425984)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8-2.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425984/; classtype:trojan-activity;sid:84289084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425985)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/02-2.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425985/; classtype:trojan-activity;sid:84289085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425974)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pw100_power_bank_4g_pocket_router_10000mah_bd_price-8-550x550h.jpg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425974/; classtype:trojan-activity;sid:84289074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425975)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vlvula-de-abastecimento-selado-para-reservatrio.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425975/; classtype:trojan-activity;sid:84289075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425976)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/weekly-calendar-december-2024.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425976/; classtype:trojan-activity;sid:84289076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425977)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pmd-tbs-1.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425977/; classtype:trojan-activity;sid:84289077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425978)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/as-header05.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425978/; classtype:trojan-activity;sid:84289078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425967)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sapelo-island-e1474908642532.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425967/; classtype:trojan-activity;sid:84289067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425968)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gorsel-1.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425968/; classtype:trojan-activity;sid:84289068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425969)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/calibration-shakers-from-100-n-to-400-n.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425969/; classtype:trojan-activity;sid:84289069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425970)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_9036-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425970/; classtype:trojan-activity;sid:84289070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425971)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hoja-de-seguridad-ataf-blue-hd-2022.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425971/; classtype:trojan-activity;sid:84289071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425972)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/form-dem-induc-septok.xlsx.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425972/; classtype:trojan-activity;sid:84289072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425973)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gocuk-fotos-3.jpeg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425973/; classtype:trojan-activity;sid:84289073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425960)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gettyimages-1200969305-db843b69796240488d95e7f5ee51c391.jpg.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425960/; classtype:trojan-activity;sid:84289060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425961)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/office-gallery-6.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425961/; classtype:trojan-activity;sid:84289061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425962)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/performance_flood-light_elf15065_150w-product_datasheet.pdf.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425962/; classtype:trojan-activity;sid:84289062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425963)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urnammu-profile.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425963/; classtype:trojan-activity;sid:84289063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425964)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/retirement-benefits-options-1-1.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425964/; classtype:trojan-activity;sid:84289064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425965)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descarga-2024-11-20t213206.111.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425965/; classtype:trojan-activity;sid:84289065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425966)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/countertops2018.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425966/; classtype:trojan-activity;sid:84289066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425952)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/despacho_paralisacao.doc.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425952/; classtype:trojan-activity;sid:84289052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425953)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc04370-edit.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425953/; classtype:trojan-activity;sid:84289053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425954)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descarga-2024-11-20t180507.615.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425954/; classtype:trojan-activity;sid:84289054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425955)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/decret-n2525252525252525252525252525252525252525252525252525252525252525c22525252525252525252525252525252525252525252525252525252525252525b0-2021-326_meh_procedures-relatives-aux-productions-denergie-electrique.pdf.lnk"; http_uri; depth:229; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425955/; classtype:trojan-activity;sid:84289055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425956)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/teclado-de-colores-79.99.png.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425956/; classtype:trojan-activity;sid:84289056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425957)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5169-2-1200x800.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425957/; classtype:trojan-activity;sid:84289057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425958)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/item_xxl_27186867_58178535.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425958/; classtype:trojan-activity;sid:84289058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425959)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gxgt_utwwaajbfg-1024x574.jpeg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425959/; classtype:trojan-activity;sid:84289059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425945)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9cb89b85-ff2e-f9d1-ac04-c17faa6b7db6.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425945/; classtype:trojan-activity;sid:84289045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425946)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/viber_image_2024-02-07_23-12-17-666.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425946/; classtype:trojan-activity;sid:84289046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425947)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jt-header03.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425947/; classtype:trojan-activity;sid:84289047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425948)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/la-rentree-a-la-cgt.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425948/; classtype:trojan-activity;sid:84289048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425949)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/viber_image_2024-02-07_23-10-15-672-e1710718161109.jpg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425949/; classtype:trojan-activity;sid:84289049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425950)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunset.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425950/; classtype:trojan-activity;sid:84289050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425951)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20221010_0004.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425951/; classtype:trojan-activity;sid:84289051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425942)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-38.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425942/; classtype:trojan-activity;sid:84289042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425943)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gallery_isreal1.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425943/; classtype:trojan-activity;sid:84289043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425944)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cargo-lift.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425944/; classtype:trojan-activity;sid:84289044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425939)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a-new-theological-landscape-jacob-haasnoot.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425939/; classtype:trojan-activity;sid:84289039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425940)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunny-menia-polished-slabs-6.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425940/; classtype:trojan-activity;sid:84289040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425941)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5-16.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425941/; classtype:trojan-activity;sid:84289041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425934)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circ_2232_1a_tirada_lliga_cat_sala_20236447.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425934/; classtype:trojan-activity;sid:84289034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425935)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fb_img_700863152583321392-579x1030.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425935/; classtype:trojan-activity;sid:84289035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425936)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/98_union-exterior-west.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425936/; classtype:trojan-activity;sid:84289036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425937)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/teclado-y-mouse-1024x390.png.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425937/; classtype:trojan-activity;sid:84289037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425938)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-12-1-scaled.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425938/; classtype:trojan-activity;sid:84289038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425928)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/16754553252d23bbb0ad4920d8a6f335316206f55a.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425928/; classtype:trojan-activity;sid:84289028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425929)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-03-29-at-7.18.42-pm.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425929/; classtype:trojan-activity;sid:84289029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425930)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/201559218534.png.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425930/; classtype:trojan-activity;sid:84289030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425931)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/construction-chemicals-product-range.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425931/; classtype:trojan-activity;sid:84289031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425932)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-4-2-scaled.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425932/; classtype:trojan-activity;sid:84289032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425933)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/suportes-bandeiras-promocionais_suporte-roda.jpg.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425933/; classtype:trojan-activity;sid:84289033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425916)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/varanda01-me252525252525252525252525252525252525252525252525252525252525252525252525252525cc25252525252525252525252525252525252525252525252525252525252525252525252525252581dio.jpeg.lnk"; http_uri; depth:195; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425916/; classtype:trojan-activity;sid:84289016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425917)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jn2021-mod_12-img-20211108-wa0000.jpg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425917/; classtype:trojan-activity;sid:84289017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425918)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/30-resistance-tube-exercises-1.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425918/; classtype:trojan-activity;sid:84289018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425919)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardial-klinika-beograd-2.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425919/; classtype:trojan-activity;sid:84289019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425920)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5144-2-1200x800.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425920/; classtype:trojan-activity;sid:84289020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425921)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kanvas-sueding.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425921/; classtype:trojan-activity;sid:84289021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425922)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descarga-2024-11-20t213208.848.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425922/; classtype:trojan-activity;sid:84289022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425923)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gbrggf.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425923/; classtype:trojan-activity;sid:84289023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425924)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/79bc2cd40f50252d62a9303692b2afd3.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425924/; classtype:trojan-activity;sid:84289024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425925)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/modern-bed-room-interior-design-qf3cdlf.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425925/; classtype:trojan-activity;sid:84289025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425926)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/contrato-sebastian-pabon.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425926/; classtype:trojan-activity;sid:84289026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425927)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ba_minis_01-1.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425927/; classtype:trojan-activity;sid:84289027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425913)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sensocon.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425913/; classtype:trojan-activity;sid:84289013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425914)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-ewl-2422.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425914/; classtype:trojan-activity;sid:84289014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425915)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ic003.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425915/; classtype:trojan-activity;sid:84289015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425907)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/adh230025252525252525252525252525252520application25252525252525252525252525252520guide_apple.pdf.lnk"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425907/; classtype:trojan-activity;sid:84289007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425908)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/268958743_473470314141621_1426658535242996605_n-832x1024.jpg.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425908/; classtype:trojan-activity;sid:84289008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425909)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imag0181-1030x579.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425909/; classtype:trojan-activity;sid:84289009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425910)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d.jpg.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425910/; classtype:trojan-activity;sid:84289010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425911)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vc-2-24-c.-cipres-col.-guillen-28.jpeg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425911/; classtype:trojan-activity;sid:84289011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425912)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5394-2-1200x800.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425912/; classtype:trojan-activity;sid:84289012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425904)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6-12.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425904/; classtype:trojan-activity;sid:84289004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425905)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gbrf.png.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425905/; classtype:trojan-activity;sid:84289005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425906)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jn_2025-curinf_03-4-1.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425906/; classtype:trojan-activity;sid:84289006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425897)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/130.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425897/; classtype:trojan-activity;sid:84288997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425898)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3635-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425898/; classtype:trojan-activity;sid:84288998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425899)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/daftar-nominatif-pantarlih-pemilu-tahun-2024-kecamatan-muncang.pdf.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425899/; classtype:trojan-activity;sid:84288999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425900)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gbrggbbfdf.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425900/; classtype:trojan-activity;sid:84289000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425901)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/as-header04.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425901/; classtype:trojan-activity;sid:84289001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425902)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/course-structure-department-of-commerce.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425902/; classtype:trojan-activity;sid:84289002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425903)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3630-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425903/; classtype:trojan-activity;sid:84289003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425882)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bl21g.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425882/; classtype:trojan-activity;sid:84288982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425883)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gxwnkvoxgaex6lg-1024x682.jpeg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425883/; classtype:trojan-activity;sid:84288983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425884)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/edital-para-manifestacao-de-interesse-as-bolsas-de-estudo-e-de-manutencao-versao-aprovada-rev-equipe-dpo_0.pdf.lnk"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425884/; classtype:trojan-activity;sid:84288984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425885)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cp-9020209-na-gallery-cv450-psu-14-1.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425885/; classtype:trojan-activity;sid:84288985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425886)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/office-gallery-7.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425886/; classtype:trojan-activity;sid:84288986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425887)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/p0-502x520-1.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425887/; classtype:trojan-activity;sid:84288987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425888)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/juan_navarro-cv_2025-1.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425888/; classtype:trojan-activity;sid:84288988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425889)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oscar_cornago-se_alquila-el_bar_avenida_la_universidad_y_las_artes.pdf.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425889/; classtype:trojan-activity;sid:84288989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425890)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_8541-2-1200x800.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425890/; classtype:trojan-activity;sid:84288990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425891)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunny-light-3.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425891/; classtype:trojan-activity;sid:84288991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425892)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-4-scaled.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425892/; classtype:trojan-activity;sid:84288992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425893)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sto-club-impressive.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425893/; classtype:trojan-activity;sid:84288993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425894)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jn2021-mod_12-se_alquila-antic-foto_video_04.jpg.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425894/; classtype:trojan-activity;sid:84288994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425895)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardial-klinika-beograd-9.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425895/; classtype:trojan-activity;sid:84288995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425896)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sinai-pearl-grey-4.jpeg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425896/; classtype:trojan-activity;sid:84288996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425875)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-1-1-scaled.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425875/; classtype:trojan-activity;sid:84288975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425876)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/50-mini-resistance-band-exercises-1-1.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425876/; classtype:trojan-activity;sid:84288976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425877)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hnh003.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425877/; classtype:trojan-activity;sid:84288977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425878)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_2746-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425878/; classtype:trojan-activity;sid:84288978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425879)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/petron_cement_industry_lubricants_brochure.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425879/; classtype:trojan-activity;sid:84288979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425880)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/desain-koin-nu-1.jpeg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425880/; classtype:trojan-activity;sid:84288980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425881)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/czujka-magnetyczna-b-1.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425881/; classtype:trojan-activity;sid:84288981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.156.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425874/; classtype:trojan-activity;sid:84288974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425864)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.22.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425864/; classtype:trojan-activity;sid:84288964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425865)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.22.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425865/; classtype:trojan-activity;sid:84288965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425866)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.22.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425866/; classtype:trojan-activity;sid:84288966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425867)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.22.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425867/; classtype:trojan-activity;sid:84288967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425868)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.22.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425868/; classtype:trojan-activity;sid:84288968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425869)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.22.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425869/; classtype:trojan-activity;sid:84288969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425870)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.22.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425870/; classtype:trojan-activity;sid:84288970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425871)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.22.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425871/; classtype:trojan-activity;sid:84288971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425872)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.22.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425872/; classtype:trojan-activity;sid:84288972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425873)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.22.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425873/; classtype:trojan-activity;sid:84288973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425863)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.177.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425863/; classtype:trojan-activity;sid:84288963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425862)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.185.81.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425862/; classtype:trojan-activity;sid:84288962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425859)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.230.34.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425859/; classtype:trojan-activity;sid:84288959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.133.198.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425860/; classtype:trojan-activity;sid:84288960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425861)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"183.80.207.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425861/; classtype:trojan-activity;sid:84288961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.233.178.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425856/; classtype:trojan-activity;sid:84288956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425857)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.89.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425857/; classtype:trojan-activity;sid:84288957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425858)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.209.88.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425858/; classtype:trojan-activity;sid:84288958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425841)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.71.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425841/; classtype:trojan-activity;sid:84288941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.59.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425842/; classtype:trojan-activity;sid:84288942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425843)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"105.187.43.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425843/; classtype:trojan-activity;sid:84288943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425844)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.27.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425844/; classtype:trojan-activity;sid:84288944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.204.209.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425845/; classtype:trojan-activity;sid:84288945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.182.114.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425846/; classtype:trojan-activity;sid:84288946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.100.115.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425847/; classtype:trojan-activity;sid:84288947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425848)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.217.117.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425848/; classtype:trojan-activity;sid:84288948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.117.24.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425849/; classtype:trojan-activity;sid:84288949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.73.122.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425850/; classtype:trojan-activity;sid:84288950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.245.94.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425851/; classtype:trojan-activity;sid:84288951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.9.32.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425852/; classtype:trojan-activity;sid:84288952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.168.173.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425853/; classtype:trojan-activity;sid:84288953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.205.177.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425854/; classtype:trojan-activity;sid:84288954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425855)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.110.5.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425855/; classtype:trojan-activity;sid:84288955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425833)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.92.167.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425833/; classtype:trojan-activity;sid:84288933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.85.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425834/; classtype:trojan-activity;sid:84288934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.18.59"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425835/; classtype:trojan-activity;sid:84288935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.253.103.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425836/; classtype:trojan-activity;sid:84288936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.157.88.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425837/; classtype:trojan-activity;sid:84288937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.132.236.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425838/; classtype:trojan-activity;sid:84288938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425839)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.71.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425839/; classtype:trojan-activity;sid:84288939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.99.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425840/; classtype:trojan-activity;sid:84288940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425831)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.79.35.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425831/; classtype:trojan-activity;sid:84288931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425832)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.27.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425832/; classtype:trojan-activity;sid:84288932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.168.123.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425829/; classtype:trojan-activity;sid:84288929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.8.185.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425830/; classtype:trojan-activity;sid:84288930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425827)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.12.144.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425827/; classtype:trojan-activity;sid:84288927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425828)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.157.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425828/; classtype:trojan-activity;sid:84288928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425826)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425826/; classtype:trojan-activity;sid:84288926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.212.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425825/; classtype:trojan-activity;sid:84288925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425824)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.136.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425824/; classtype:trojan-activity;sid:84288924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.69.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425823/; classtype:trojan-activity;sid:84288923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.82.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425822/; classtype:trojan-activity;sid:84288922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.173.109.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425821/; classtype:trojan-activity;sid:84288921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.9.125"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425820/; classtype:trojan-activity;sid:84288920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.91.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425819/; classtype:trojan-activity;sid:84288919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.82.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425818/; classtype:trojan-activity;sid:84288918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.188.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425817/; classtype:trojan-activity;sid:84288917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.191.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425815/; classtype:trojan-activity;sid:84288915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.85.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425816/; classtype:trojan-activity;sid:84288916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.114.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425814/; classtype:trojan-activity;sid:84288914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425813/; classtype:trojan-activity;sid:84288913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.170.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425812/; classtype:trojan-activity;sid:84288912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.251.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425811/; classtype:trojan-activity;sid:84288911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.118.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425810/; classtype:trojan-activity;sid:84288910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.97.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425809/; classtype:trojan-activity;sid:84288909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.166.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425807/; classtype:trojan-activity;sid:84288907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425806)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.92.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425806/; classtype:trojan-activity;sid:84288906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425802)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"niggabutt.lol"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425802/; classtype:trojan-activity;sid:84288902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425803)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"niggabutt.lol"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425803/; classtype:trojan-activity;sid:84288903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425804)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"niggabutt.lol"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425804/; classtype:trojan-activity;sid:84288904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425805)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"niggabutt.lol"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425805/; classtype:trojan-activity;sid:84288905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425794)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"niggabutt.lol"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425794/; classtype:trojan-activity;sid:84288894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425795)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"niggabutt.lol"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425795/; classtype:trojan-activity;sid:84288895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425796)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"niggabutt.lol"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425796/; classtype:trojan-activity;sid:84288896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425797)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"niggabutt.lol"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425797/; classtype:trojan-activity;sid:84288897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425798)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"niggabutt.lol"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425798/; classtype:trojan-activity;sid:84288898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425799)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"niggabutt.lol"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425799/; classtype:trojan-activity;sid:84288899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425800)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"niggabutt.lol"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425800/; classtype:trojan-activity;sid:84288900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425801)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"niggabutt.lol"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425801/; classtype:trojan-activity;sid:84288901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425793)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.86.155.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425793/; classtype:trojan-activity;sid:84288893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425791)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.86.155.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425791/; classtype:trojan-activity;sid:84288891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425792)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.86.155.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425792/; classtype:trojan-activity;sid:84288892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.140.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425790/; classtype:trojan-activity;sid:84288890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425787)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.86.155.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425787/; classtype:trojan-activity;sid:84288887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425788)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.86.155.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425788/; classtype:trojan-activity;sid:84288888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425789)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.86.155.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425789/; classtype:trojan-activity;sid:84288889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425781)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.86.155.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425781/; classtype:trojan-activity;sid:84288881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425782)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.86.155.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425782/; classtype:trojan-activity;sid:84288882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425783)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.86.155.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425783/; classtype:trojan-activity;sid:84288883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425784)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.86.155.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425784/; classtype:trojan-activity;sid:84288884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425785)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.86.155.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425785/; classtype:trojan-activity;sid:84288885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425786)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.86.155.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425786/; classtype:trojan-activity;sid:84288886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425780/; classtype:trojan-activity;sid:84288880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425779)"; flow:established,from_client; content:"GET"; http_method; content:"/jack5tr.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"195.177.95.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425779/; classtype:trojan-activity;sid:84288879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.188.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425778/; classtype:trojan-activity;sid:84288878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425776/; classtype:trojan-activity;sid:84288876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.53.27.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425777/; classtype:trojan-activity;sid:84288877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.54.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425775/; classtype:trojan-activity;sid:84288875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.166.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425774/; classtype:trojan-activity;sid:84288874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.7.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425773/; classtype:trojan-activity;sid:84288873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.160.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425772/; classtype:trojan-activity;sid:84288872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.20.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425771/; classtype:trojan-activity;sid:84288871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.87.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425770/; classtype:trojan-activity;sid:84288870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.187.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425769/; classtype:trojan-activity;sid:84288869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.160.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425768/; classtype:trojan-activity;sid:84288868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.246.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425767/; classtype:trojan-activity;sid:84288867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.53.27.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425766/; classtype:trojan-activity;sid:84288866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.214.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425765/; classtype:trojan-activity;sid:84288865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.17.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425764/; classtype:trojan-activity;sid:84288864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.25.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425763/; classtype:trojan-activity;sid:84288863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425762)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.33.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425762/; classtype:trojan-activity;sid:84288862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.134.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425761/; classtype:trojan-activity;sid:84288861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.44.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425760/; classtype:trojan-activity;sid:84288860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.7.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425759/; classtype:trojan-activity;sid:84288859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.48.107.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425757/; classtype:trojan-activity;sid:84288857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.9.47.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425758/; classtype:trojan-activity;sid:84288858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.157.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425756/; classtype:trojan-activity;sid:84288856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.160.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425755/; classtype:trojan-activity;sid:84288855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.154.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425754/; classtype:trojan-activity;sid:84288854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.133.108.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425753/; classtype:trojan-activity;sid:84288853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425738)"; flow:established,from_client; content:"GET"; http_method; content:"/main-linux-riscv64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"156.229.232.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425738/; classtype:trojan-activity;sid:84288838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425739)"; flow:established,from_client; content:"GET"; http_method; content:"/main-linux-arm-7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"156.229.232.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425739/; classtype:trojan-activity;sid:84288839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425740)"; flow:established,from_client; content:"GET"; http_method; content:"/main-linux-arm64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"156.229.232.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425740/; classtype:trojan-activity;sid:84288840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425741)"; flow:established,from_client; content:"GET"; http_method; content:"/main-linux-arm-5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"156.229.232.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425741/; classtype:trojan-activity;sid:84288841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425742)"; flow:established,from_client; content:"GET"; http_method; content:"/main-darwin-10.12-amd64"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"156.229.232.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425742/; classtype:trojan-activity;sid:84288842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425743)"; flow:established,from_client; content:"GET"; http_method; content:"/main-linux-mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"156.229.232.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425743/; classtype:trojan-activity;sid:84288843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425744)"; flow:established,from_client; content:"GET"; http_method; content:"/main-linux-386"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.229.232.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425744/; classtype:trojan-activity;sid:84288844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425745)"; flow:established,from_client; content:"GET"; http_method; content:"/main-darwin-10.12-arm64"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"156.229.232.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425745/; classtype:trojan-activity;sid:84288845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425746)"; flow:established,from_client; content:"GET"; http_method; content:"/main-linux-ppc64le"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"156.229.232.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425746/; classtype:trojan-activity;sid:84288846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425747)"; flow:established,from_client; content:"GET"; http_method; content:"/main-linux-mips64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"156.229.232.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425747/; classtype:trojan-activity;sid:84288847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425748)"; flow:established,from_client; content:"GET"; http_method; content:"/main-linux-mipsle"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"156.229.232.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425748/; classtype:trojan-activity;sid:84288848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425749)"; flow:established,from_client; content:"GET"; http_method; content:"/main-linux-s390x"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"156.229.232.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425749/; classtype:trojan-activity;sid:84288849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425750)"; flow:established,from_client; content:"GET"; http_method; content:"/main-linux-mips64le"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"156.229.232.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425750/; classtype:trojan-activity;sid:84288850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425751)"; flow:established,from_client; content:"GET"; http_method; content:"/main-linux-amd64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"156.229.232.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425751/; classtype:trojan-activity;sid:84288851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425752)"; flow:established,from_client; content:"GET"; http_method; content:"/main-linux-arm-6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"156.229.232.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425752/; classtype:trojan-activity;sid:84288852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.48.107.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425737/; classtype:trojan-activity;sid:84288837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.246.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425736/; classtype:trojan-activity;sid:84288836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.117.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425735/; classtype:trojan-activity;sid:84288835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.214.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425734/; classtype:trojan-activity;sid:84288834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.6.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425733/; classtype:trojan-activity;sid:84288833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.30.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425732/; classtype:trojan-activity;sid:84288832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425731)"; flow:established,from_client; content:"GET"; http_method; content:"/zufdripvvejszmwv"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"antbotsv3.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425731/; classtype:trojan-activity;sid:84288831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.100.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425730/; classtype:trojan-activity;sid:84288830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.163.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425729/; classtype:trojan-activity;sid:84288829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.237.167.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425728/; classtype:trojan-activity;sid:84288828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.70.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425727/; classtype:trojan-activity;sid:84288827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.100.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425726/; classtype:trojan-activity;sid:84288826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.237.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425725/; classtype:trojan-activity;sid:84288825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.30.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425724/; classtype:trojan-activity;sid:84288824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.250.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425723/; classtype:trojan-activity;sid:84288823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.129.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425721/; classtype:trojan-activity;sid:84288821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.240.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425722/; classtype:trojan-activity;sid:84288822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.6.91.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425720/; classtype:trojan-activity;sid:84288820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.109.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425719/; classtype:trojan-activity;sid:84288819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.45.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425718/; classtype:trojan-activity;sid:84288818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.231.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425717/; classtype:trojan-activity;sid:84288817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425716/; classtype:trojan-activity;sid:84288816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.131.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425715/; classtype:trojan-activity;sid:84288815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.240.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425714/; classtype:trojan-activity;sid:84288814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.142.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425712/; classtype:trojan-activity;sid:84288812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.237.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425713/; classtype:trojan-activity;sid:84288813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.151.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425711/; classtype:trojan-activity;sid:84288811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425710/; classtype:trojan-activity;sid:84288810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.15.14.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425709/; classtype:trojan-activity;sid:84288809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.129.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425708/; classtype:trojan-activity;sid:84288808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.109.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425707/; classtype:trojan-activity;sid:84288807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425706)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.86.16.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425706/; classtype:trojan-activity;sid:84288806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.94.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425705/; classtype:trojan-activity;sid:84288805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.22.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425704/; classtype:trojan-activity;sid:84288804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.99.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425703/; classtype:trojan-activity;sid:84288803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.60.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425702/; classtype:trojan-activity;sid:84288802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.250.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425700/; classtype:trojan-activity;sid:84288800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.203.0.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425701/; classtype:trojan-activity;sid:84288801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.6.91.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425698/; classtype:trojan-activity;sid:84288798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.45.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425699/; classtype:trojan-activity;sid:84288799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.151.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425697/; classtype:trojan-activity;sid:84288797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.231.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425696/; classtype:trojan-activity;sid:84288796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425694)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.vyzu.bet"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425694/; classtype:trojan-activity;sid:84288794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.94.142.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425695/; classtype:trojan-activity;sid:84288795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.175.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425693/; classtype:trojan-activity;sid:84288793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.169.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425692/; classtype:trojan-activity;sid:84288792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.30.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425691/; classtype:trojan-activity;sid:84288791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.99.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425690/; classtype:trojan-activity;sid:84288790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.171.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425689/; classtype:trojan-activity;sid:84288789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425688/; classtype:trojan-activity;sid:84288788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.45.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425687/; classtype:trojan-activity;sid:84288787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.169.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425686/; classtype:trojan-activity;sid:84288786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.94.142.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425685/; classtype:trojan-activity;sid:84288785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425684/; classtype:trojan-activity;sid:84288784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.45.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425683/; classtype:trojan-activity;sid:84288783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.20.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425680/; classtype:trojan-activity;sid:84288780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425681/; classtype:trojan-activity;sid:84288781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.103.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425682/; classtype:trojan-activity;sid:84288782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425679)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.83.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425679/; classtype:trojan-activity;sid:84288779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.218.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425678/; classtype:trojan-activity;sid:84288778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.93.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425677/; classtype:trojan-activity;sid:84288777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.2.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425676/; classtype:trojan-activity;sid:84288776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.176.101.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425675/; classtype:trojan-activity;sid:84288775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.149.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425674/; classtype:trojan-activity;sid:84288774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.53.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425673/; classtype:trojan-activity;sid:84288773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.251.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425672/; classtype:trojan-activity;sid:84288772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.187.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425671/; classtype:trojan-activity;sid:84288771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.153.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425670/; classtype:trojan-activity;sid:84288770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.102.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425669/; classtype:trojan-activity;sid:84288769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.18.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425668/; classtype:trojan-activity;sid:84288768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.93.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425667/; classtype:trojan-activity;sid:84288767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.197.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425666/; classtype:trojan-activity;sid:84288766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.102.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425665/; classtype:trojan-activity;sid:84288765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.26.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425664/; classtype:trojan-activity;sid:84288764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.121.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425663/; classtype:trojan-activity;sid:84288763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.251.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425662/; classtype:trojan-activity;sid:84288762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.67.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425661/; classtype:trojan-activity;sid:84288761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.247.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425660/; classtype:trojan-activity;sid:84288760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.187.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425659/; classtype:trojan-activity;sid:84288759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.197.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425658/; classtype:trojan-activity;sid:84288758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.44.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425657/; classtype:trojan-activity;sid:84288757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.149.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425656/; classtype:trojan-activity;sid:84288756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425655)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.226.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425655/; classtype:trojan-activity;sid:84288755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.176.101.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425654/; classtype:trojan-activity;sid:84288754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.47.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425653/; classtype:trojan-activity;sid:84288753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425652)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.reqy.bet"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425652/; classtype:trojan-activity;sid:84288752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.91.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425651/; classtype:trojan-activity;sid:84288751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.170.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425650/; classtype:trojan-activity;sid:84288750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.248.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425649/; classtype:trojan-activity;sid:84288749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.89.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425648/; classtype:trojan-activity;sid:84288748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425647/; classtype:trojan-activity;sid:84288747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.48.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425646/; classtype:trojan-activity;sid:84288746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.235.192.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425645/; classtype:trojan-activity;sid:84288745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.243.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425644/; classtype:trojan-activity;sid:84288744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.44.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425643/; classtype:trojan-activity;sid:84288743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425642)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.qlpb.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425642/; classtype:trojan-activity;sid:84288742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.235.192.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425641/; classtype:trojan-activity;sid:84288741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.84.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425640/; classtype:trojan-activity;sid:84288740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.48.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425639/; classtype:trojan-activity;sid:84288739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.243.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425638/; classtype:trojan-activity;sid:84288738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.250.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425637/; classtype:trojan-activity;sid:84288737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.35.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425635/; classtype:trojan-activity;sid:84288735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.33.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425636/; classtype:trojan-activity;sid:84288736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.85.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425634/; classtype:trojan-activity;sid:84288734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.56.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425633/; classtype:trojan-activity;sid:84288733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.10.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425632/; classtype:trojan-activity;sid:84288732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425631)"; flow:established,from_client; content:"GET"; http_method; content:"/sormvyhtejhgvbph"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"antbotsv3.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425631/; classtype:trojan-activity;sid:84288731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.84.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425630/; classtype:trojan-activity;sid:84288730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.244.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425629/; classtype:trojan-activity;sid:84288729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425628)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.187.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425628/; classtype:trojan-activity;sid:84288728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.136.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425627/; classtype:trojan-activity;sid:84288727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425626)"; flow:established,from_client; content:"GET"; http_method; content:"/sy5ff0nexy03vxay"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"antbotsv3.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425626/; classtype:trojan-activity;sid:84288726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.157.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425625/; classtype:trojan-activity;sid:84288725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.56.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425624/; classtype:trojan-activity;sid:84288724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.141.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425623/; classtype:trojan-activity;sid:84288723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.219.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425622/; classtype:trojan-activity;sid:84288722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.35.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425621/; classtype:trojan-activity;sid:84288721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.117.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425620/; classtype:trojan-activity;sid:84288720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425619)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.lnww.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425619/; classtype:trojan-activity;sid:84288719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425618)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.53.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425618/; classtype:trojan-activity;sid:84288718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.10.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425617/; classtype:trojan-activity;sid:84288717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.203.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425616/; classtype:trojan-activity;sid:84288716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.13.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425611/; classtype:trojan-activity;sid:84288711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.175.168.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425612/; classtype:trojan-activity;sid:84288712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425613/; classtype:trojan-activity;sid:84288713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.72.69.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425614/; classtype:trojan-activity;sid:84288714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.39.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425615/; classtype:trojan-activity;sid:84288715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.196.29.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425610/; classtype:trojan-activity;sid:84288710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.79.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425609/; classtype:trojan-activity;sid:84288709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.108.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425608/; classtype:trojan-activity;sid:84288708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.194.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425605/; classtype:trojan-activity;sid:84288705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425606)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.127.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425606/; classtype:trojan-activity;sid:84288706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.61.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425607/; classtype:trojan-activity;sid:84288707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.196.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425604/; classtype:trojan-activity;sid:84288704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.153.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425603/; classtype:trojan-activity;sid:84288703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.72.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425602/; classtype:trojan-activity;sid:84288702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425601/; classtype:trojan-activity;sid:84288701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.218.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425600/; classtype:trojan-activity;sid:84288700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.62.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425599/; classtype:trojan-activity;sid:84288699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.100.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425598/; classtype:trojan-activity;sid:84288698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.252.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425597/; classtype:trojan-activity;sid:84288697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.248.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425596/; classtype:trojan-activity;sid:84288696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.72.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425595/; classtype:trojan-activity;sid:84288695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425594)"; flow:established,from_client; content:"GET"; http_method; content:"/iky3svrkgzubdl2u"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"antbotsv3.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425594/; classtype:trojan-activity;sid:84288694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.200.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425593/; classtype:trojan-activity;sid:84288693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.45.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425592/; classtype:trojan-activity;sid:84288692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.39.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425591/; classtype:trojan-activity;sid:84288691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.212.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425590/; classtype:trojan-activity;sid:84288690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.56.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425589/; classtype:trojan-activity;sid:84288689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.10.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425588/; classtype:trojan-activity;sid:84288688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.136.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425587/; classtype:trojan-activity;sid:84288687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.248.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425586/; classtype:trojan-activity;sid:84288686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.30.61"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425585/; classtype:trojan-activity;sid:84288685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425584/; classtype:trojan-activity;sid:84288684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.100.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425583/; classtype:trojan-activity;sid:84288683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.89.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425582/; classtype:trojan-activity;sid:84288682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425580)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8.219.212.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425580/; classtype:trojan-activity;sid:84288680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.159.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425581/; classtype:trojan-activity;sid:84288681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.8.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425579/; classtype:trojan-activity;sid:84288679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.155.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425578/; classtype:trojan-activity;sid:84288678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425577/; classtype:trojan-activity;sid:84288677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.196.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425576/; classtype:trojan-activity;sid:84288676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.39.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425575/; classtype:trojan-activity;sid:84288675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.10.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425574/; classtype:trojan-activity;sid:84288674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.66.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425573/; classtype:trojan-activity;sid:84288673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.40.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425572/; classtype:trojan-activity;sid:84288672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.94.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425571/; classtype:trojan-activity;sid:84288671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.131.60.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425570/; classtype:trojan-activity;sid:84288670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425569/; classtype:trojan-activity;sid:84288669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.209.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425568/; classtype:trojan-activity;sid:84288668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.64.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425567/; classtype:trojan-activity;sid:84288667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.8.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425566/; classtype:trojan-activity;sid:84288666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.235.181.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425564/; classtype:trojan-activity;sid:84288664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.97.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425565/; classtype:trojan-activity;sid:84288665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.26.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425563/; classtype:trojan-activity;sid:84288663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.10.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425562/; classtype:trojan-activity;sid:84288662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.82.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425560/; classtype:trojan-activity;sid:84288660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.94.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425561/; classtype:trojan-activity;sid:84288661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.87.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425559/; classtype:trojan-activity;sid:84288659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425558)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425558/; classtype:trojan-activity;sid:84288658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.210.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425557/; classtype:trojan-activity;sid:84288657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.83.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425556/; classtype:trojan-activity;sid:84288656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.26.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425555/; classtype:trojan-activity;sid:84288655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425554)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.90.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425554/; classtype:trojan-activity;sid:84288654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.134.132.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425553/; classtype:trojan-activity;sid:84288653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.82.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425551/; classtype:trojan-activity;sid:84288651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.87.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425552/; classtype:trojan-activity;sid:84288652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.234.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425550/; classtype:trojan-activity;sid:84288650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.188.80.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425549/; classtype:trojan-activity;sid:84288649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425548)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.214.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425548/; classtype:trojan-activity;sid:84288648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425547)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.200.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425547/; classtype:trojan-activity;sid:84288647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.165.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425546/; classtype:trojan-activity;sid:84288646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.189.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425545/; classtype:trojan-activity;sid:84288645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.134.132.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425544/; classtype:trojan-activity;sid:84288644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425542)"; flow:established,from_client; content:"GET"; http_method; content:"/cd/0/get/cjad2ickpbg12812rjvmhcychl-vriezb6wnwbuamq7zpb1tp1ltctthx45han1ukmq3h-ddaviy9powjczvjuwtvfqur9t3c0_fytmsdhrjyd6y4jced5hhah2l2lf0x2kmspa--gkgorqw87ouh4x8/file|3f|dl=1"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"uc5c1e236bf202c6c6f4b46c705b.dl.dropboxusercontent.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425542/; classtype:trojan-activity;sid:84288642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425543)"; flow:established,from_client; content:"GET"; http_method; content:"/mcjuxy86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"t2m.io"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425543/; classtype:trojan-activity;sid:84288643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.27.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425540/; classtype:trojan-activity;sid:84288640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.10.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425541/; classtype:trojan-activity;sid:84288641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.151.245.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425539/; classtype:trojan-activity;sid:84288639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425538)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425538/; classtype:trojan-activity;sid:84288638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.188.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425537/; classtype:trojan-activity;sid:84288637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.26.19"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425536/; classtype:trojan-activity;sid:84288636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.188.80.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425535/; classtype:trojan-activity;sid:84288635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.120.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425534/; classtype:trojan-activity;sid:84288634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.188.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425533/; classtype:trojan-activity;sid:84288633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425532)"; flow:established,from_client; content:"GET"; http_method; content:"/capcha.html"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"infobookingcenter.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425532/; classtype:trojan-activity;sid:84288632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425531)"; flow:established,from_client; content:"GET"; http_method; content:"/lkgnks"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"infobookingcenter.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425531/; classtype:trojan-activity;sid:84288631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.75.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425530/; classtype:trojan-activity;sid:84288630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.98.68"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425529/; classtype:trojan-activity;sid:84288629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425528)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.188.80.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425528/; classtype:trojan-activity;sid:84288628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.134.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425527/; classtype:trojan-activity;sid:84288627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.38.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425526/; classtype:trojan-activity;sid:84288626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425521)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425521/; classtype:trojan-activity;sid:84288621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.56.191"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425522/; classtype:trojan-activity;sid:84288622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.112.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425523/; classtype:trojan-activity;sid:84288623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425524)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.34.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425524/; classtype:trojan-activity;sid:84288624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.105.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425525/; classtype:trojan-activity;sid:84288625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425520)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425520/; classtype:trojan-activity;sid:84288620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425518)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.202.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425518/; classtype:trojan-activity;sid:84288618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.203.72.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425519/; classtype:trojan-activity;sid:84288619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.250.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425517/; classtype:trojan-activity;sid:84288617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425516)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.151.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425516/; classtype:trojan-activity;sid:84288616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.120.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425515/; classtype:trojan-activity;sid:84288615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.63.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425514/; classtype:trojan-activity;sid:84288614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.251.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425513/; classtype:trojan-activity;sid:84288613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425512)"; flow:established,from_client; content:"GET"; http_method; content:"/b2"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.136.43.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425512/; classtype:trojan-activity;sid:84288612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.38.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425511/; classtype:trojan-activity;sid:84288611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.19.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425510/; classtype:trojan-activity;sid:84288610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.250.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425509/; classtype:trojan-activity;sid:84288609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.142.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425508/; classtype:trojan-activity;sid:84288608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.81.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425507/; classtype:trojan-activity;sid:84288607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425506)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.20.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425506/; classtype:trojan-activity;sid:84288606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425505/; classtype:trojan-activity;sid:84288605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.210.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425504/; classtype:trojan-activity;sid:84288604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.4.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425503/; classtype:trojan-activity;sid:84288603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.250.57.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425501/; classtype:trojan-activity;sid:84288601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.2.96"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425502/; classtype:trojan-activity;sid:84288602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.185.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425500/; classtype:trojan-activity;sid:84288600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.81.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425499/; classtype:trojan-activity;sid:84288599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.82.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425498/; classtype:trojan-activity;sid:84288598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.225.162.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425496/; classtype:trojan-activity;sid:84288596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.232.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425497/; classtype:trojan-activity;sid:84288597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.19.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425495/; classtype:trojan-activity;sid:84288595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.2.96"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425494/; classtype:trojan-activity;sid:84288594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.65.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425493/; classtype:trojan-activity;sid:84288593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"67.214.245.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425492/; classtype:trojan-activity;sid:84288592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.227.7.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425491/; classtype:trojan-activity;sid:84288591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.89.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425490/; classtype:trojan-activity;sid:84288590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.4.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425489/; classtype:trojan-activity;sid:84288589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.250.57.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425488/; classtype:trojan-activity;sid:84288588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.63.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425487/; classtype:trojan-activity;sid:84288587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.82.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425486/; classtype:trojan-activity;sid:84288586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.226.168.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425485/; classtype:trojan-activity;sid:84288585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.62.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425484/; classtype:trojan-activity;sid:84288584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.206.50.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425483/; classtype:trojan-activity;sid:84288583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425482)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.186.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425482/; classtype:trojan-activity;sid:84288582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425481)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.103.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425481/; classtype:trojan-activity;sid:84288581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.168.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425480/; classtype:trojan-activity;sid:84288580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.144.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425479/; classtype:trojan-activity;sid:84288579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.89.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425478/; classtype:trojan-activity;sid:84288578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.214.245.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425477/; classtype:trojan-activity;sid:84288577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.108.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425476/; classtype:trojan-activity;sid:84288576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.136.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425475/; classtype:trojan-activity;sid:84288575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425474)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.141.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425474/; classtype:trojan-activity;sid:84288574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.65.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425473/; classtype:trojan-activity;sid:84288573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.4.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425472/; classtype:trojan-activity;sid:84288572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.19.58"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425471/; classtype:trojan-activity;sid:84288571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425470)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.167.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425470/; classtype:trojan-activity;sid:84288570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425463)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"204.76.203.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425463/; classtype:trojan-activity;sid:84288563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425464)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"204.76.203.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425464/; classtype:trojan-activity;sid:84288564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425465)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.167.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425465/; classtype:trojan-activity;sid:84288565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425466)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.167.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425466/; classtype:trojan-activity;sid:84288566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425467)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.78.28.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425467/; classtype:trojan-activity;sid:84288567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425468)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"80.78.28.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425468/; classtype:trojan-activity;sid:84288568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425469)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.62.226.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425469/; classtype:trojan-activity;sid:84288569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425459)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.50.80.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425459/; classtype:trojan-activity;sid:84288559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425460)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.m68"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"147.45.78.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425460/; classtype:trojan-activity;sid:84288560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425461)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.225.211.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425461/; classtype:trojan-activity;sid:84288561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425462)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.167.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425462/; classtype:trojan-activity;sid:84288562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425440)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.13.151.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425440/; classtype:trojan-activity;sid:84288540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425441)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"204.76.203.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425441/; classtype:trojan-activity;sid:84288541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425442)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.95.159.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425442/; classtype:trojan-activity;sid:84288542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425443)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.167.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425443/; classtype:trojan-activity;sid:84288543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425444)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.177.95.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425444/; classtype:trojan-activity;sid:84288544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425445)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.78.28.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425445/; classtype:trojan-activity;sid:84288545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425446)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.50.80.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425446/; classtype:trojan-activity;sid:84288546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425447)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.13.151.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425447/; classtype:trojan-activity;sid:84288547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425448)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.13.151.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425448/; classtype:trojan-activity;sid:84288548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425449)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.95.159.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425449/; classtype:trojan-activity;sid:84288549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425450)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.i686"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.95.159.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425450/; classtype:trojan-activity;sid:84288550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425451)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"74.50.80.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425451/; classtype:trojan-activity;sid:84288551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425452)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.78.28.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425452/; classtype:trojan-activity;sid:84288552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425453)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"147.45.78.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425453/; classtype:trojan-activity;sid:84288553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425454)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.armv61"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.13.151.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425454/; classtype:trojan-activity;sid:84288554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425455)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"80.78.28.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425455/; classtype:trojan-activity;sid:84288555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425456)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.m68"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.95.159.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425456/; classtype:trojan-activity;sid:84288556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425457)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.i686"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"147.45.78.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425457/; classtype:trojan-activity;sid:84288557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425458)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.62.226.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425458/; classtype:trojan-activity;sid:84288558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425433)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.167.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425433/; classtype:trojan-activity;sid:84288533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425434)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.225.211.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425434/; classtype:trojan-activity;sid:84288534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425435)"; flow:established,from_client; content:"GET"; http_method; content:"/1738525441_75713fa165c680906ba75f98608f6127/firmware.safe.mips"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425435/; classtype:trojan-activity;sid:84288535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425436)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jhiqucwont70tywoipvmouutzbxyfasjwa"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"94.154.35.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425436/; classtype:trojan-activity;sid:84288536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425437)"; flow:established,from_client; content:"GET"; http_method; content:"/1738525441_75713fa165c680906ba75f98608f6127/firmware.safe.mips64"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425437/; classtype:trojan-activity;sid:84288537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425438)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.95.159.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425438/; classtype:trojan-activity;sid:84288538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425439)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"146.19.24.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425439/; classtype:trojan-activity;sid:84288539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425429)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tqxbqaukzlx4cj6yi6i3r69q1o2yv5w4j8"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"94.154.35.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425429/; classtype:trojan-activity;sid:84288529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425430)"; flow:established,from_client; content:"GET"; http_method; content:"/1738525441_75713fa165c680906ba75f98608f6127/firmware.safe.armv7l"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425430/; classtype:trojan-activity;sid:84288530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425431)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/carh11at05zol3nfiayk8ygxtr9cglmbdl"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"94.154.35.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425431/; classtype:trojan-activity;sid:84288531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425432)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"80.78.28.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425432/; classtype:trojan-activity;sid:84288532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425407)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.167.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425407/; classtype:trojan-activity;sid:84288507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425408)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.95.159.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425408/; classtype:trojan-activity;sid:84288508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425409)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.167.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425409/; classtype:trojan-activity;sid:84288509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425410)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.95.159.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425410/; classtype:trojan-activity;sid:84288510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425411)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.95.159.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425411/; classtype:trojan-activity;sid:84288511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425412)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.13.151.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425412/; classtype:trojan-activity;sid:84288512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425413)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.167.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425413/; classtype:trojan-activity;sid:84288513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425414)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"147.45.78.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425414/; classtype:trojan-activity;sid:84288514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425415)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"80.78.28.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425415/; classtype:trojan-activity;sid:84288515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425416)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"147.45.78.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425416/; classtype:trojan-activity;sid:84288516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425417)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"147.45.78.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425417/; classtype:trojan-activity;sid:84288517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425418)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm4t"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.95.159.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425418/; classtype:trojan-activity;sid:84288518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425419)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.225.211.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425419/; classtype:trojan-activity;sid:84288519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425420)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.62.226.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425420/; classtype:trojan-activity;sid:84288520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425421)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.225.211.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425421/; classtype:trojan-activity;sid:84288521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425422)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.225.211.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425422/; classtype:trojan-activity;sid:84288522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425423)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.78.28.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425423/; classtype:trojan-activity;sid:84288523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425424)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.62.226.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425424/; classtype:trojan-activity;sid:84288524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425425)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.13.151.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425425/; classtype:trojan-activity;sid:84288525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425426)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.167.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425426/; classtype:trojan-activity;sid:84288526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425427)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.50.80.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425427/; classtype:trojan-activity;sid:84288527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425428)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.62.226.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425428/; classtype:trojan-activity;sid:84288528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425396)"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.13.151.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425396/; classtype:trojan-activity;sid:84288496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425397)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"74.50.80.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425397/; classtype:trojan-activity;sid:84288497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425398)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.225.211.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425398/; classtype:trojan-activity;sid:84288498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425399)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"146.19.24.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425399/; classtype:trojan-activity;sid:84288499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425400)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"147.45.78.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425400/; classtype:trojan-activity;sid:84288500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425401)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"80.78.28.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425401/; classtype:trojan-activity;sid:84288501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425402)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm4t"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"147.45.78.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425402/; classtype:trojan-activity;sid:84288502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425403)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.78.28.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425403/; classtype:trojan-activity;sid:84288503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425404)"; flow:established,from_client; content:"GET"; http_method; content:"/1738525441_75713fa165c680906ba75f98608f6127/firmware.safe.armv6l"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425404/; classtype:trojan-activity;sid:84288504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425405)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.62.226.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425405/; classtype:trojan-activity;sid:84288505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425406)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"147.45.78.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425406/; classtype:trojan-activity;sid:84288506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425393)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.167.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425393/; classtype:trojan-activity;sid:84288493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425394)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"204.76.203.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425394/; classtype:trojan-activity;sid:84288494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425395)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"204.76.203.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425395/; classtype:trojan-activity;sid:84288495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425390)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.62.226.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425390/; classtype:trojan-activity;sid:84288490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425391)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.167.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425391/; classtype:trojan-activity;sid:84288491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425392)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.167.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425392/; classtype:trojan-activity;sid:84288492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425389)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnccwuadkukzhclctqnlrnndcrjbvsv90y"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"94.154.35.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425389/; classtype:trojan-activity;sid:84288489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425385)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/b3x5qtu5uxspnf6y9zvw58iixqbxxigeht"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"94.154.35.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425385/; classtype:trojan-activity;sid:84288485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425386)"; flow:established,from_client; content:"GET"; http_method; content:"/1738525441_75713fa165c680906ba75f98608f6127/firmware.safe.mips.dbg"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425386/; classtype:trojan-activity;sid:84288486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425387)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.225.211.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425387/; classtype:trojan-activity;sid:84288487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425388)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.225.211.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425388/; classtype:trojan-activity;sid:84288488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425361)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"80.78.28.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425361/; classtype:trojan-activity;sid:84288461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425362)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"74.50.80.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425362/; classtype:trojan-activity;sid:84288462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425363)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.167.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425363/; classtype:trojan-activity;sid:84288463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425364)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.50.80.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425364/; classtype:trojan-activity;sid:84288464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425365)"; flow:established,from_client; content:"GET"; http_method; content:"/1738525441_75713fa165c680906ba75f98608f6127/firmware.safe.armv5l"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425365/; classtype:trojan-activity;sid:84288465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425366)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"74.50.80.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425366/; classtype:trojan-activity;sid:84288466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425367)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"147.45.78.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425367/; classtype:trojan-activity;sid:84288467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425368)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/acmeclphglwpojlnmxqdp1nohfnxomndzt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"94.154.35.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425368/; classtype:trojan-activity;sid:84288468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425369)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/8nta22jqiywvckooqmfixu6e1kvtzmp1ff"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"94.154.35.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425369/; classtype:trojan-activity;sid:84288469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425370)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.167.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425370/; classtype:trojan-activity;sid:84288470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425371)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"147.45.78.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425371/; classtype:trojan-activity;sid:84288471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425372)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.50.80.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425372/; classtype:trojan-activity;sid:84288472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425373)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"147.45.78.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425373/; classtype:trojan-activity;sid:84288473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425374)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xfsi4qsokeaenweasyvi4rtmjw8ryebbkh"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"94.154.35.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425374/; classtype:trojan-activity;sid:84288474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425375)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.95.159.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425375/; classtype:trojan-activity;sid:84288475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425376)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.50.80.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425376/; classtype:trojan-activity;sid:84288476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425377)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.13.151.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425377/; classtype:trojan-activity;sid:84288477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425378)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.95.159.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425378/; classtype:trojan-activity;sid:84288478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425379)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.95.159.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425379/; classtype:trojan-activity;sid:84288479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425380)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a3a996jbvpdjy4003komarnhzbvdsqzimd"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"94.154.35.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425380/; classtype:trojan-activity;sid:84288480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425381)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"14.225.211.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425381/; classtype:trojan-activity;sid:84288481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425382)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"204.76.203.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425382/; classtype:trojan-activity;sid:84288482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425383)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.225.211.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425383/; classtype:trojan-activity;sid:84288483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425384)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.225.211.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425384/; classtype:trojan-activity;sid:84288484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425343)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"146.19.24.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425343/; classtype:trojan-activity;sid:84288443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425344)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"204.76.203.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425344/; classtype:trojan-activity;sid:84288444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425345)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"204.76.203.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425345/; classtype:trojan-activity;sid:84288445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425346)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"146.19.24.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425346/; classtype:trojan-activity;sid:84288446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425347)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.167.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425347/; classtype:trojan-activity;sid:84288447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425348)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.167.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425348/; classtype:trojan-activity;sid:84288448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425349)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.167.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425349/; classtype:trojan-activity;sid:84288449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425350)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"204.76.203.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425350/; classtype:trojan-activity;sid:84288450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425351)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.167.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425351/; classtype:trojan-activity;sid:84288451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425352)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.62.226.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425352/; classtype:trojan-activity;sid:84288452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425353)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lxvnrqawdx98lxiyjoormtav9qegr4yj6g"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"94.154.35.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425353/; classtype:trojan-activity;sid:84288453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425354)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.13.151.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425354/; classtype:trojan-activity;sid:84288454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425355)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.13.151.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425355/; classtype:trojan-activity;sid:84288455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425356)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.i586"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.13.151.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425356/; classtype:trojan-activity;sid:84288456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425357)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.62.226.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425357/; classtype:trojan-activity;sid:84288457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425358)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.50.80.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425358/; classtype:trojan-activity;sid:84288458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425359)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.50.80.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425359/; classtype:trojan-activity;sid:84288459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425360)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.78.28.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425360/; classtype:trojan-activity;sid:84288460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425341)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"146.19.24.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425341/; classtype:trojan-activity;sid:84288441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425342)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"146.19.24.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425342/; classtype:trojan-activity;sid:84288442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425335)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ny0oa4n3mbulsp0apbzu9mdhmnkimbyqfn"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"94.154.35.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425335/; classtype:trojan-activity;sid:84288435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425336)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zf2qw8k8kb09kuzme3uj3eehojczitmxon"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"94.154.35.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425336/; classtype:trojan-activity;sid:84288436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425337)"; flow:established,from_client; content:"GET"; http_method; content:"/1738525441_75713fa165c680906ba75f98608f6127/firmware.safe.mipsel"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425337/; classtype:trojan-activity;sid:84288437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425338)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ciu2jecovuo2utjefyynodk41e5xdtjypm"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"94.154.35.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425338/; classtype:trojan-activity;sid:84288438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425339)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/uq858u0elkepn6iih8abymp14rfltceoz0"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"94.154.35.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425339/; classtype:trojan-activity;sid:84288439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425340)"; flow:established,from_client; content:"GET"; http_method; content:"/1738525441_75713fa165c680906ba75f98608f6127/firmware.safe.armv4l"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425340/; classtype:trojan-activity;sid:84288440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.144.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425334/; classtype:trojan-activity;sid:84288434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.227.7.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425333/; classtype:trojan-activity;sid:84288433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.75.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425332/; classtype:trojan-activity;sid:84288432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.101.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425331/; classtype:trojan-activity;sid:84288431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.200.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425330/; classtype:trojan-activity;sid:84288430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425329)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.21.138"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425329/; classtype:trojan-activity;sid:84288429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.223.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425327/; classtype:trojan-activity;sid:84288427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425328)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.4.40"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425328/; classtype:trojan-activity;sid:84288428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.65.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425326/; classtype:trojan-activity;sid:84288426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.93.148.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425325/; classtype:trojan-activity;sid:84288425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.92.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425324/; classtype:trojan-activity;sid:84288424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.108.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425323/; classtype:trojan-activity;sid:84288423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.51.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425322/; classtype:trojan-activity;sid:84288422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.93.148.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425321/; classtype:trojan-activity;sid:84288421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.10.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425320/; classtype:trojan-activity;sid:84288420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425317)"; flow:established,from_client; content:"GET"; http_method; content:"/jackmyarmv5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.130.214.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425317/; classtype:trojan-activity;sid:84288417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425318)"; flow:established,from_client; content:"GET"; http_method; content:"/jackmysparc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.130.214.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425318/; classtype:trojan-activity;sid:84288418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425319)"; flow:established,from_client; content:"GET"; http_method; content:"/jackmypowerpc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.130.214.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425319/; classtype:trojan-activity;sid:84288419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425308)"; flow:established,from_client; content:"GET"; http_method; content:"/jackmyi686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.130.214.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425308/; classtype:trojan-activity;sid:84288408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425309)"; flow:established,from_client; content:"GET"; http_method; content:"/jackmymips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.130.214.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425309/; classtype:trojan-activity;sid:84288409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425310)"; flow:established,from_client; content:"GET"; http_method; content:"/jackmym86k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.130.214.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425310/; classtype:trojan-activity;sid:84288410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425311)"; flow:established,from_client; content:"GET"; http_method; content:"/jackmysh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.130.214.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425311/; classtype:trojan-activity;sid:84288411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425312)"; flow:established,from_client; content:"GET"; http_method; content:"/jackmyarmv4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.130.214.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425312/; classtype:trojan-activity;sid:84288412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425313)"; flow:established,from_client; content:"GET"; http_method; content:"/jackmyarmv6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.130.214.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425313/; classtype:trojan-activity;sid:84288413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425314)"; flow:established,from_client; content:"GET"; http_method; content:"/jackmyx86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.130.214.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425314/; classtype:trojan-activity;sid:84288414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425315)"; flow:established,from_client; content:"GET"; http_method; content:"/jackmymipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.130.214.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425315/; classtype:trojan-activity;sid:84288415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425316)"; flow:established,from_client; content:"GET"; http_method; content:"/jackmyi586"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.130.214.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425316/; classtype:trojan-activity;sid:84288416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425307)"; flow:established,from_client; content:"GET"; http_method; content:"/jackmypowerpc440"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.130.214.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425307/; classtype:trojan-activity;sid:84288407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425306)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.waqj.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425306/; classtype:trojan-activity;sid:84288406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.65.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425305/; classtype:trojan-activity;sid:84288405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.101.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425304/; classtype:trojan-activity;sid:84288404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.137.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425303/; classtype:trojan-activity;sid:84288403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.202.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425302/; classtype:trojan-activity;sid:84288402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.96.65.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425301/; classtype:trojan-activity;sid:84288401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.73.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425300/; classtype:trojan-activity;sid:84288400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425299)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.151.251.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425299/; classtype:trojan-activity;sid:84288399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.75.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425298/; classtype:trojan-activity;sid:84288398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.203.240.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425297/; classtype:trojan-activity;sid:84288397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.178.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425296/; classtype:trojan-activity;sid:84288396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.250.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425295/; classtype:trojan-activity;sid:84288395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.200.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425294/; classtype:trojan-activity;sid:84288394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.205.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425293/; classtype:trojan-activity;sid:84288393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425290)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.5.1.100"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425290/; classtype:trojan-activity;sid:84288390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.227.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425291/; classtype:trojan-activity;sid:84288391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425292)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.191.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425292/; classtype:trojan-activity;sid:84288392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425289)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425289/; classtype:trojan-activity;sid:84288389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425288)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.180.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425288/; classtype:trojan-activity;sid:84288388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.168.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425287/; classtype:trojan-activity;sid:84288387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.183.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425286/; classtype:trojan-activity;sid:84288386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.96.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425285/; classtype:trojan-activity;sid:84288385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.178.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425283/; classtype:trojan-activity;sid:84288383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.137.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425284/; classtype:trojan-activity;sid:84288384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.141.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425282/; classtype:trojan-activity;sid:84288382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.126.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425281/; classtype:trojan-activity;sid:84288381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425280)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"175.30.81.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425280/; classtype:trojan-activity;sid:84288380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.78.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425279/; classtype:trojan-activity;sid:84288379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.111.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425278/; classtype:trojan-activity;sid:84288378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.225.16.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425277/; classtype:trojan-activity;sid:84288377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.220.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425276/; classtype:trojan-activity;sid:84288376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.15.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425275/; classtype:trojan-activity;sid:84288375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.212.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425274/; classtype:trojan-activity;sid:84288374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.127.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425273/; classtype:trojan-activity;sid:84288373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.9.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425272/; classtype:trojan-activity;sid:84288372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.126.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425271/; classtype:trojan-activity;sid:84288371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.78.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425270/; classtype:trojan-activity;sid:84288370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425269/; classtype:trojan-activity;sid:84288369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.238.189.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425268/; classtype:trojan-activity;sid:84288368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.225.16.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425267/; classtype:trojan-activity;sid:84288367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.188.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425266/; classtype:trojan-activity;sid:84288366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.59.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425265/; classtype:trojan-activity;sid:84288365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.139.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425264/; classtype:trojan-activity;sid:84288364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.111.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425263/; classtype:trojan-activity;sid:84288363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.15.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425262/; classtype:trojan-activity;sid:84288362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.9.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425261/; classtype:trojan-activity;sid:84288361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.141.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425260/; classtype:trojan-activity;sid:84288360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.142.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425259/; classtype:trojan-activity;sid:84288359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.8.89"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425258/; classtype:trojan-activity;sid:84288358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.204.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425257/; classtype:trojan-activity;sid:84288357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.177.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425256/; classtype:trojan-activity;sid:84288356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425255)"; flow:established,from_client; content:"GET"; http_method; content:"/mcconnellsville.eml"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"authentications-safeguard.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425255/; classtype:trojan-activity;sid:84288355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425254)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.zexd.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425254/; classtype:trojan-activity;sid:84288354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.22.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425253/; classtype:trojan-activity;sid:84288353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.33.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425252/; classtype:trojan-activity;sid:84288352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.22.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425251/; classtype:trojan-activity;sid:84288351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.59.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425250/; classtype:trojan-activity;sid:84288350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425249)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.31.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425249/; classtype:trojan-activity;sid:84288349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.96.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425248/; classtype:trojan-activity;sid:84288348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.153.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425247/; classtype:trojan-activity;sid:84288347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.16.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425246/; classtype:trojan-activity;sid:84288346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425245)"; flow:established,from_client; content:"GET"; http_method; content:"/twix.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.219.239.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425245/; classtype:trojan-activity;sid:84288345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.142.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425244/; classtype:trojan-activity;sid:84288344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.186.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425243/; classtype:trojan-activity;sid:84288343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.133.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425242/; classtype:trojan-activity;sid:84288342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.19.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425240/; classtype:trojan-activity;sid:84288340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.52.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425241/; classtype:trojan-activity;sid:84288341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.242.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425239/; classtype:trojan-activity;sid:84288339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.16.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425238/; classtype:trojan-activity;sid:84288338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.19.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425237/; classtype:trojan-activity;sid:84288337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.211.68.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425236/; classtype:trojan-activity;sid:84288336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.18.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425235/; classtype:trojan-activity;sid:84288335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425234)"; flow:established,from_client; content:"GET"; http_method; content:"/captcha.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cf-unstable.media"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425234/; classtype:trojan-activity;sid:84288334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.64.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425233/; classtype:trojan-activity;sid:84288333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.18.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425231/; classtype:trojan-activity;sid:84288331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.242.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425232/; classtype:trojan-activity;sid:84288332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.52.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425230/; classtype:trojan-activity;sid:84288330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.180.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425229/; classtype:trojan-activity;sid:84288329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.195.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425228/; classtype:trojan-activity;sid:84288328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.17.155"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425227/; classtype:trojan-activity;sid:84288327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.68.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425226/; classtype:trojan-activity;sid:84288326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.31.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425225/; classtype:trojan-activity;sid:84288325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.243.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425224/; classtype:trojan-activity;sid:84288324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.185.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425223/; classtype:trojan-activity;sid:84288323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425222)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.178.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425222/; classtype:trojan-activity;sid:84288322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425221)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.138.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425221/; classtype:trojan-activity;sid:84288321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.77.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425220/; classtype:trojan-activity;sid:84288320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.235.251.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425219/; classtype:trojan-activity;sid:84288319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.64.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425218/; classtype:trojan-activity;sid:84288318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.108.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425217/; classtype:trojan-activity;sid:84288317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.18.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425216/; classtype:trojan-activity;sid:84288316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425212)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/ikpo.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425212/; classtype:trojan-activity;sid:84288312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425213)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/ik.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425213/; classtype:trojan-activity;sid:84288313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425214)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/laserl.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425214/; classtype:trojan-activity;sid:84288314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.150.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425215/; classtype:trojan-activity;sid:84288315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.88.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425211/; classtype:trojan-activity;sid:84288311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.211.68.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425210/; classtype:trojan-activity;sid:84288310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425208)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.gesz.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425208/; classtype:trojan-activity;sid:84288308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425209)"; flow:established,from_client; content:"GET"; http_method; content:"/today.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"myfileview1.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425209/; classtype:trojan-activity;sid:84288309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425207)"; flow:established,from_client; content:"GET"; http_method; content:"/r/jetmm/0"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425207/; classtype:trojan-activity;sid:84288307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.176.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425206/; classtype:trojan-activity;sid:84288306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.9.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425205/; classtype:trojan-activity;sid:84288305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.88.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425204/; classtype:trojan-activity;sid:84288304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.81.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425203/; classtype:trojan-activity;sid:84288303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.238.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425201/; classtype:trojan-activity;sid:84288301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.31.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425202/; classtype:trojan-activity;sid:84288302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.176.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425200/; classtype:trojan-activity;sid:84288300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.218.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425199/; classtype:trojan-activity;sid:84288299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425197)"; flow:established,from_client; content:"GET"; http_method; content:"/ukraine/invoce415.pdf"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"2.59.163.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425197/; classtype:trojan-activity;sid:84288297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425198)"; flow:established,from_client; content:"GET"; http_method; content:"/invoce415.pdf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"2.59.163.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425198/; classtype:trojan-activity;sid:84288298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.32.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425196/; classtype:trojan-activity;sid:84288296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.40.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425195/; classtype:trojan-activity;sid:84288295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.150.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425194/; classtype:trojan-activity;sid:84288294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425187)"; flow:established,from_client; content:"GET"; http_method; content:"/jd93d22cb1/plugins/clip64.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"213.226.123.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425187/; classtype:trojan-activity;sid:84288287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425188)"; flow:established,from_client; content:"GET"; http_method; content:"/8kcnjd3da3/plugins/cred.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"62.204.41.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425188/; classtype:trojan-activity;sid:84288288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425189)"; flow:established,from_client; content:"GET"; http_method; content:"/jd93d22cb1/plugins/cred.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"213.226.123.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425189/; classtype:trojan-activity;sid:84288289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425190)"; flow:established,from_client; content:"GET"; http_method; content:"/7gjd0vs3d/plugins/cred.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"62.204.41.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425190/; classtype:trojan-activity;sid:84288290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425191)"; flow:established,from_client; content:"GET"; http_method; content:"/0bjdn2z/plugins/cred.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"45.9.74.80"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425191/; classtype:trojan-activity;sid:84288291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425192)"; flow:established,from_client; content:"GET"; http_method; content:"/df30hn4m/plugins/cred.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"212.118.43.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425192/; classtype:trojan-activity;sid:84288292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425183)"; flow:established,from_client; content:"GET"; http_method; content:"/fuad686337/tyu/refs/heads/main/page.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425183/; classtype:trojan-activity;sid:84288283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425184)"; flow:established,from_client; content:"GET"; http_method; content:"/client-built.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"5.252.74.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425184/; classtype:trojan-activity;sid:84288284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425185)"; flow:established,from_client; content:"GET"; http_method; content:"/team.vbs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"myfileview1.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425185/; classtype:trojan-activity;sid:84288285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425186)"; flow:established,from_client; content:"GET"; http_method; content:"/fuad686337/tyu/refs/heads/main/filmwor.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425186/; classtype:trojan-activity;sid:84288286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425175)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deal.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"myfileview1.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425175/; classtype:trojan-activity;sid:84288275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425176)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/past.hta"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"myfileview1.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425176/; classtype:trojan-activity;sid:84288276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425177)"; flow:established,from_client; content:"GET"; http_method; content:"/xpf_haxn7tk9bmagbjzd.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"54.78.192.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425177/; classtype:trojan-activity;sid:84288277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425178)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.237.15.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425178/; classtype:trojan-activity;sid:84288278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425179)"; flow:established,from_client; content:"GET"; http_method; content:"/http_80.bat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"54.78.192.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425179/; classtype:trojan-activity;sid:84288279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425180)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pass.hta"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"myfileview1.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425180/; classtype:trojan-activity;sid:84288280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425181)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/melt.hta"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"myfileview1.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425181/; classtype:trojan-activity;sid:84288281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425182)"; flow:established,from_client; content:"GET"; http_method; content:"/xpf_haxn7tk9bmagbjzd%5b1%5d%20%e2%80%94%20%d0%ba%d0%be%d0%bf%d0%b8%d1%8f.txt"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"54.78.192.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425182/; classtype:trojan-activity;sid:84288282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425171)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/form.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"myfileview1.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425171/; classtype:trojan-activity;sid:84288271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425172)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pass.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"myfileview1.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425172/; classtype:trojan-activity;sid:84288272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425173)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/today.hta"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"myfileview1.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425173/; classtype:trojan-activity;sid:84288273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425174)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deal.hta"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"myfileview1.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425174/; classtype:trojan-activity;sid:84288274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425169)"; flow:established,from_client; content:"GET"; http_method; content:"/f3920c55236c2636/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"212.34.148.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425169/; classtype:trojan-activity;sid:84288269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425170)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.nohz.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425170/; classtype:trojan-activity;sid:84288270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425161)"; flow:established,from_client; content:"GET"; http_method; content:"/70d63ca8a5be6cc3/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"95.215.207.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425161/; classtype:trojan-activity;sid:84288261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425162)"; flow:established,from_client; content:"GET"; http_method; content:"/70d63ca8a5be6cc3/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"95.215.207.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425162/; classtype:trojan-activity;sid:84288262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425163)"; flow:established,from_client; content:"GET"; http_method; content:"/4cadf15814a54569/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.196.10.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425163/; classtype:trojan-activity;sid:84288263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425164)"; flow:established,from_client; content:"GET"; http_method; content:"/4a4993f1399adf8e/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.215.85.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425164/; classtype:trojan-activity;sid:84288264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425165)"; flow:established,from_client; content:"GET"; http_method; content:"/70d63ca8a5be6cc3/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"95.215.207.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425165/; classtype:trojan-activity;sid:84288265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425166)"; flow:established,from_client; content:"GET"; http_method; content:"/5e0fc67937c1156b/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.217.197.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425166/; classtype:trojan-activity;sid:84288266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425167)"; flow:established,from_client; content:"GET"; http_method; content:"/f3920c55236c2636/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"212.34.148.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425167/; classtype:trojan-activity;sid:84288267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425168)"; flow:established,from_client; content:"GET"; http_method; content:"/download/powershell/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"54.78.192.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425168/; classtype:trojan-activity;sid:84288268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.175.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425160/; classtype:trojan-activity;sid:84288260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.93.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425159/; classtype:trojan-activity;sid:84288259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.57.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425158/; classtype:trojan-activity;sid:84288258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.129.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425157/; classtype:trojan-activity;sid:84288257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.112.254.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425156/; classtype:trojan-activity;sid:84288256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.84.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425155/; classtype:trojan-activity;sid:84288255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425154/; classtype:trojan-activity;sid:84288254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.155.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425153/; classtype:trojan-activity;sid:84288253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.107.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425152/; classtype:trojan-activity;sid:84288252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.84.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425151/; classtype:trojan-activity;sid:84288251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.100.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425150/; classtype:trojan-activity;sid:84288250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.21.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425149/; classtype:trojan-activity;sid:84288249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.195.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425148/; classtype:trojan-activity;sid:84288248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.133.108.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425147/; classtype:trojan-activity;sid:84288247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425146)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.3.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425146/; classtype:trojan-activity;sid:84288246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.251.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425143/; classtype:trojan-activity;sid:84288243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.173.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425144/; classtype:trojan-activity;sid:84288244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425145/; classtype:trojan-activity;sid:84288245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.201.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425142/; classtype:trojan-activity;sid:84288242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425138)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.87.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425138/; classtype:trojan-activity;sid:84288238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.100.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425139/; classtype:trojan-activity;sid:84288239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.83.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425140/; classtype:trojan-activity;sid:84288240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.30.27.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425141/; classtype:trojan-activity;sid:84288241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425137)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.247.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425137/; classtype:trojan-activity;sid:84288237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.108.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425136/; classtype:trojan-activity;sid:84288236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.251.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425135/; classtype:trojan-activity;sid:84288235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.129.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425134/; classtype:trojan-activity;sid:84288234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.57.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425133/; classtype:trojan-activity;sid:84288233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.111.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425132/; classtype:trojan-activity;sid:84288232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.33.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425131/; classtype:trojan-activity;sid:84288231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.165.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425130/; classtype:trojan-activity;sid:84288230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.165.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425129/; classtype:trojan-activity;sid:84288229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425128/; classtype:trojan-activity;sid:84288228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.160.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425127/; classtype:trojan-activity;sid:84288227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.62.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425126/; classtype:trojan-activity;sid:84288226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.16.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425125/; classtype:trojan-activity;sid:84288225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.0.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425124/; classtype:trojan-activity;sid:84288224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.100.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425123/; classtype:trojan-activity;sid:84288223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.12.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425122/; classtype:trojan-activity;sid:84288222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.111.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425121/; classtype:trojan-activity;sid:84288221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.108.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425120/; classtype:trojan-activity;sid:84288220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.93.228.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425119/; classtype:trojan-activity;sid:84288219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425118)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.34.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425118/; classtype:trojan-activity;sid:84288218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.16.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425117/; classtype:trojan-activity;sid:84288217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.50.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425116/; classtype:trojan-activity;sid:84288216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.172.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425115/; classtype:trojan-activity;sid:84288215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.18.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425114/; classtype:trojan-activity;sid:84288214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.172.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425113/; classtype:trojan-activity;sid:84288213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.239.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425112/; classtype:trojan-activity;sid:84288212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.144.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425111/; classtype:trojan-activity;sid:84288211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.25.240"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425110/; classtype:trojan-activity;sid:84288210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.191.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425109/; classtype:trojan-activity;sid:84288209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.223.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425108/; classtype:trojan-activity;sid:84288208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.0.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425107/; classtype:trojan-activity;sid:84288207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.22.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425106/; classtype:trojan-activity;sid:84288206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.222.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425105/; classtype:trojan-activity;sid:84288205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.10.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425104/; classtype:trojan-activity;sid:84288204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.62.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425103/; classtype:trojan-activity;sid:84288203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.84.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425102/; classtype:trojan-activity;sid:84288202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425101/; classtype:trojan-activity;sid:84288201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.239.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425099/; classtype:trojan-activity;sid:84288199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.93.228.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425100/; classtype:trojan-activity;sid:84288200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.172.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425098/; classtype:trojan-activity;sid:84288198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.18.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425097/; classtype:trojan-activity;sid:84288197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.66.219"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425096/; classtype:trojan-activity;sid:84288196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.172.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425095/; classtype:trojan-activity;sid:84288195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.102.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425094/; classtype:trojan-activity;sid:84288194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.27.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425093/; classtype:trojan-activity;sid:84288193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.210.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425090/; classtype:trojan-activity;sid:84288190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.11.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425091/; classtype:trojan-activity;sid:84288191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.25.240"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425092/; classtype:trojan-activity;sid:84288192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.162.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425089/; classtype:trojan-activity;sid:84288189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.236.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425088/; classtype:trojan-activity;sid:84288188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.57.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425086/; classtype:trojan-activity;sid:84288186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.222.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425087/; classtype:trojan-activity;sid:84288187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.68.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425085/; classtype:trojan-activity;sid:84288185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.9.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425084/; classtype:trojan-activity;sid:84288184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.121.0.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425083/; classtype:trojan-activity;sid:84288183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.108.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425082/; classtype:trojan-activity;sid:84288182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.88.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425081/; classtype:trojan-activity;sid:84288181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.99.237"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425080/; classtype:trojan-activity;sid:84288180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.171.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425079/; classtype:trojan-activity;sid:84288179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.163.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425078/; classtype:trojan-activity;sid:84288178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.253.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425077/; classtype:trojan-activity;sid:84288177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.244.176.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425076/; classtype:trojan-activity;sid:84288176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.11.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425075/; classtype:trojan-activity;sid:84288175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.153.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425074/; classtype:trojan-activity;sid:84288174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.232.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425073/; classtype:trojan-activity;sid:84288173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.87.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425072/; classtype:trojan-activity;sid:84288172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.72.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425071/; classtype:trojan-activity;sid:84288171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.45.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425070/; classtype:trojan-activity;sid:84288170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.171.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425069/; classtype:trojan-activity;sid:84288169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.68.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425068/; classtype:trojan-activity;sid:84288168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.110.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425067/; classtype:trojan-activity;sid:84288167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.6.91.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425066/; classtype:trojan-activity;sid:84288166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.15.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425065/; classtype:trojan-activity;sid:84288165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.235.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425064/; classtype:trojan-activity;sid:84288164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.129.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425063/; classtype:trojan-activity;sid:84288163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.35.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425062/; classtype:trojan-activity;sid:84288162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"209.6.8.188"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425061/; classtype:trojan-activity;sid:84288161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.29.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425060/; classtype:trojan-activity;sid:84288160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.239.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425059/; classtype:trojan-activity;sid:84288159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425058/; classtype:trojan-activity;sid:84288158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.37.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425057/; classtype:trojan-activity;sid:84288157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.186.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425056/; classtype:trojan-activity;sid:84288156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.72.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425055/; classtype:trojan-activity;sid:84288155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"161.248.54.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425054/; classtype:trojan-activity;sid:84288154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.149.38.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425053/; classtype:trojan-activity;sid:84288153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.91.113.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425052/; classtype:trojan-activity;sid:84288152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.173.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425051/; classtype:trojan-activity;sid:84288151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.110.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425050/; classtype:trojan-activity;sid:84288150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425049)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"66.63.187.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425049/; classtype:trojan-activity;sid:84288149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.6.8.188"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425048/; classtype:trojan-activity;sid:84288148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.93.129.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425047/; classtype:trojan-activity;sid:84288147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.134.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425046/; classtype:trojan-activity;sid:84288146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425045/; classtype:trojan-activity;sid:84288145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.161.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425044/; classtype:trojan-activity;sid:84288144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.22.4.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425043/; classtype:trojan-activity;sid:84288143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.253.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425042/; classtype:trojan-activity;sid:84288142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.182.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425040/; classtype:trojan-activity;sid:84288140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.6.91.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425041/; classtype:trojan-activity;sid:84288141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.100.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425039/; classtype:trojan-activity;sid:84288139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.134.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425038/; classtype:trojan-activity;sid:84288138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.184.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425037/; classtype:trojan-activity;sid:84288137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.46.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425036/; classtype:trojan-activity;sid:84288136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.156.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425035/; classtype:trojan-activity;sid:84288135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.4.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425034/; classtype:trojan-activity;sid:84288134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.186.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425033/; classtype:trojan-activity;sid:84288133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.182.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425032/; classtype:trojan-activity;sid:84288132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425031/; classtype:trojan-activity;sid:84288131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.221.44.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425030/; classtype:trojan-activity;sid:84288130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.175.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425029/; classtype:trojan-activity;sid:84288129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.195.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425028/; classtype:trojan-activity;sid:84288128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.204.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425027/; classtype:trojan-activity;sid:84288127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.231.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425026/; classtype:trojan-activity;sid:84288126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.128.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425025/; classtype:trojan-activity;sid:84288125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425024/; classtype:trojan-activity;sid:84288124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.71.23.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425023/; classtype:trojan-activity;sid:84288123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.149.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425022/; classtype:trojan-activity;sid:84288122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.253.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425020/; classtype:trojan-activity;sid:84288120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.161.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425021/; classtype:trojan-activity;sid:84288121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.230.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425019/; classtype:trojan-activity;sid:84288119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.155.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425018/; classtype:trojan-activity;sid:84288118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.223.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425017/; classtype:trojan-activity;sid:84288117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.100.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425015/; classtype:trojan-activity;sid:84288115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.112.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425016/; classtype:trojan-activity;sid:84288116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.39.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425014/; classtype:trojan-activity;sid:84288114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.40.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425013/; classtype:trojan-activity;sid:84288113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.178.78.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425012/; classtype:trojan-activity;sid:84288112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.204.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425011/; classtype:trojan-activity;sid:84288111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425010/; classtype:trojan-activity;sid:84288110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.38.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425009/; classtype:trojan-activity;sid:84288109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.25.135.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425008/; classtype:trojan-activity;sid:84288108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.155.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425007/; classtype:trojan-activity;sid:84288107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.136.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425006/; classtype:trojan-activity;sid:84288106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.18.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425005/; classtype:trojan-activity;sid:84288105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.224.197.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425003/; classtype:trojan-activity;sid:84288103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.162.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425004/; classtype:trojan-activity;sid:84288104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425002)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.227.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425002/; classtype:trojan-activity;sid:84288102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.243.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425001/; classtype:trojan-activity;sid:84288101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.49.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425000/; classtype:trojan-activity;sid:84288100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424999/; classtype:trojan-activity;sid:84288099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.203.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424998/; classtype:trojan-activity;sid:84288098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.107.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424997/; classtype:trojan-activity;sid:84288097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.222.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424996/; classtype:trojan-activity;sid:84288096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.148.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424995/; classtype:trojan-activity;sid:84288095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.15.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424993/; classtype:trojan-activity;sid:84288093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.15.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424994/; classtype:trojan-activity;sid:84288094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.245.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424992/; classtype:trojan-activity;sid:84288092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.96.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424991/; classtype:trojan-activity;sid:84288091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.101.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424990/; classtype:trojan-activity;sid:84288090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.9.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424989/; classtype:trojan-activity;sid:84288089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.39.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424988/; classtype:trojan-activity;sid:84288088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.38.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424986/; classtype:trojan-activity;sid:84288086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.40.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424987/; classtype:trojan-activity;sid:84288087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.8.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424985/; classtype:trojan-activity;sid:84288085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.224.197.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424984/; classtype:trojan-activity;sid:84288084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.6.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424983/; classtype:trojan-activity;sid:84288083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.4.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424982/; classtype:trojan-activity;sid:84288082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.82.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424981/; classtype:trojan-activity;sid:84288081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424980/; classtype:trojan-activity;sid:84288080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.243.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424978/; classtype:trojan-activity;sid:84288078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.49.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424979/; classtype:trojan-activity;sid:84288079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.222.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424977/; classtype:trojan-activity;sid:84288077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.165.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424976/; classtype:trojan-activity;sid:84288076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.38.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424975/; classtype:trojan-activity;sid:84288075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.44.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424974/; classtype:trojan-activity;sid:84288074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.77.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424972/; classtype:trojan-activity;sid:84288072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.96.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424973/; classtype:trojan-activity;sid:84288073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.229.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424971/; classtype:trojan-activity;sid:84288071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.62.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424970/; classtype:trojan-activity;sid:84288070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.237.93.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424968/; classtype:trojan-activity;sid:84288068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.1.146"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424969/; classtype:trojan-activity;sid:84288069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.227.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424967/; classtype:trojan-activity;sid:84288067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.62.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424966/; classtype:trojan-activity;sid:84288066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.36.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424965/; classtype:trojan-activity;sid:84288065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.15.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424964/; classtype:trojan-activity;sid:84288064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424963)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.83.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424963/; classtype:trojan-activity;sid:84288063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.26.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424962/; classtype:trojan-activity;sid:84288062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.248.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424961/; classtype:trojan-activity;sid:84288061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.44.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424960/; classtype:trojan-activity;sid:84288060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.145.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424959/; classtype:trojan-activity;sid:84288059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.60.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424958/; classtype:trojan-activity;sid:84288058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.135.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424957/; classtype:trojan-activity;sid:84288057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.143.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424956/; classtype:trojan-activity;sid:84288056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.20.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424955/; classtype:trojan-activity;sid:84288055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.26.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424954/; classtype:trojan-activity;sid:84288054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.209.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424953/; classtype:trojan-activity;sid:84288053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.147.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424952/; classtype:trojan-activity;sid:84288052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424951)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.104.119.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424951/; classtype:trojan-activity;sid:84288051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424950/; classtype:trojan-activity;sid:84288050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.8.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424949/; classtype:trojan-activity;sid:84288049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.49.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424948/; classtype:trojan-activity;sid:84288048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.77.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424947/; classtype:trojan-activity;sid:84288047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.42.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424946/; classtype:trojan-activity;sid:84288046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.175.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424945/; classtype:trojan-activity;sid:84288045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.245.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424944/; classtype:trojan-activity;sid:84288044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.246.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424943/; classtype:trojan-activity;sid:84288043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.143.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424942/; classtype:trojan-activity;sid:84288042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.47.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424941/; classtype:trojan-activity;sid:84288041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.60.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424940/; classtype:trojan-activity;sid:84288040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.25.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424939/; classtype:trojan-activity;sid:84288039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.96.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424937/; classtype:trojan-activity;sid:84288037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.248.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424938/; classtype:trojan-activity;sid:84288038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.137.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424936/; classtype:trojan-activity;sid:84288036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.173.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424935/; classtype:trojan-activity;sid:84288035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.241.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424932/; classtype:trojan-activity;sid:84288032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.252.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424933/; classtype:trojan-activity;sid:84288033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.49.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424934/; classtype:trojan-activity;sid:84288034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.84.220.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424931/; classtype:trojan-activity;sid:84288031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424928)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.192.26.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424928/; classtype:trojan-activity;sid:84288028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.227.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424929/; classtype:trojan-activity;sid:84288029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.176.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424930/; classtype:trojan-activity;sid:84288030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.42.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424927/; classtype:trojan-activity;sid:84288027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424926/; classtype:trojan-activity;sid:84288026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.93.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424925/; classtype:trojan-activity;sid:84288025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.170.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424924/; classtype:trojan-activity;sid:84288024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.8.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424923/; classtype:trojan-activity;sid:84288023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.14.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424921/; classtype:trojan-activity;sid:84288021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.27.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424922/; classtype:trojan-activity;sid:84288022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.237.23.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424920/; classtype:trojan-activity;sid:84288020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.59.38.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424918/; classtype:trojan-activity;sid:84288018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.12.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424919/; classtype:trojan-activity;sid:84288019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.168.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424917/; classtype:trojan-activity;sid:84288017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424916)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.99.7.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424916/; classtype:trojan-activity;sid:84288016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.74.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424915/; classtype:trojan-activity;sid:84288015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.25.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424914/; classtype:trojan-activity;sid:84288014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.96.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424913/; classtype:trojan-activity;sid:84288013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.255.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424912/; classtype:trojan-activity;sid:84288012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.158.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424911/; classtype:trojan-activity;sid:84288011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"169.224.101.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424910/; classtype:trojan-activity;sid:84288010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.194.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424909/; classtype:trojan-activity;sid:84288009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.250.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424908/; classtype:trojan-activity;sid:84288008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.84.220.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424907/; classtype:trojan-activity;sid:84288007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.196.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424906/; classtype:trojan-activity;sid:84288006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.156.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424905/; classtype:trojan-activity;sid:84288005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424903)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.206.101.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424903/; classtype:trojan-activity;sid:84288003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.129.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424904/; classtype:trojan-activity;sid:84288004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424902)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.29.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424902/; classtype:trojan-activity;sid:84288002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.114.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424901/; classtype:trojan-activity;sid:84288001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.252.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424900/; classtype:trojan-activity;sid:84288000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.151.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424899/; classtype:trojan-activity;sid:84287999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.196.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424898/; classtype:trojan-activity;sid:84287998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.58.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424897/; classtype:trojan-activity;sid:84287997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.241.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424896/; classtype:trojan-activity;sid:84287996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.64.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424895/; classtype:trojan-activity;sid:84287995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.250.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424894/; classtype:trojan-activity;sid:84287994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.186.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424893/; classtype:trojan-activity;sid:84287993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.114.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424892/; classtype:trojan-activity;sid:84287992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.47.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424891/; classtype:trojan-activity;sid:84287991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424890)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.11.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424890/; classtype:trojan-activity;sid:84287990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.100.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424889/; classtype:trojan-activity;sid:84287989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.14.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424888/; classtype:trojan-activity;sid:84287988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.163.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424887/; classtype:trojan-activity;sid:84287987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.135.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424886/; classtype:trojan-activity;sid:84287986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.34.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424885/; classtype:trojan-activity;sid:84287985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.11.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424884/; classtype:trojan-activity;sid:84287984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.58.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424883/; classtype:trojan-activity;sid:84287983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.186.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424882/; classtype:trojan-activity;sid:84287982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.95.108.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424881/; classtype:trojan-activity;sid:84287981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.182.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424880/; classtype:trojan-activity;sid:84287980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.47.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424879/; classtype:trojan-activity;sid:84287979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.124.138.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424878/; classtype:trojan-activity;sid:84287978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.120.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3424877/; classtype:trojan-activity;sid:84287977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.30.61"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424876/; classtype:trojan-activity;sid:84287976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.188.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424875/; classtype:trojan-activity;sid:84287975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.151.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424874/; classtype:trojan-activity;sid:84287974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.10.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424873/; classtype:trojan-activity;sid:84287973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.10.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424872/; classtype:trojan-activity;sid:84287972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424871)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.83.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424871/; classtype:trojan-activity;sid:84287971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.8.38.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424870/; classtype:trojan-activity;sid:84287970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.118.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424869/; classtype:trojan-activity;sid:84287969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.79.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424868/; classtype:trojan-activity;sid:84287968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.137.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424867/; classtype:trojan-activity;sid:84287967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.88.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424865/; classtype:trojan-activity;sid:84287965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.233.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424866/; classtype:trojan-activity;sid:84287966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.228.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424864/; classtype:trojan-activity;sid:84287964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.73.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424863/; classtype:trojan-activity;sid:84287963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.99.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424862/; classtype:trojan-activity;sid:84287962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.77.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424861/; classtype:trojan-activity;sid:84287961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.99.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424860/; classtype:trojan-activity;sid:84287960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.1.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424859/; classtype:trojan-activity;sid:84287959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.245.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424858/; classtype:trojan-activity;sid:84287958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.8.38.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424857/; classtype:trojan-activity;sid:84287957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.165.234.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424856/; classtype:trojan-activity;sid:84287956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.120.174.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424855/; classtype:trojan-activity;sid:84287955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.212.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424854/; classtype:trojan-activity;sid:84287954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.143.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424853/; classtype:trojan-activity;sid:84287953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.157.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424852/; classtype:trojan-activity;sid:84287952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424851/; classtype:trojan-activity;sid:84287951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.165.234.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424850/; classtype:trojan-activity;sid:84287950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.60.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424849/; classtype:trojan-activity;sid:84287949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.137.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424848/; classtype:trojan-activity;sid:84287948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.27.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424847/; classtype:trojan-activity;sid:84287947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.96.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424846/; classtype:trojan-activity;sid:84287946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.34.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424845/; classtype:trojan-activity;sid:84287945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.96.255.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424844/; classtype:trojan-activity;sid:84287944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.56.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424843/; classtype:trojan-activity;sid:84287943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424842)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.88.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424842/; classtype:trojan-activity;sid:84287942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.243.192.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424841/; classtype:trojan-activity;sid:84287941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.79.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424840/; classtype:trojan-activity;sid:84287940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.120.174.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424839/; classtype:trojan-activity;sid:84287939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.199.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424838/; classtype:trojan-activity;sid:84287938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.169.234.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424836/; classtype:trojan-activity;sid:84287936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.12.187.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424837/; classtype:trojan-activity;sid:84287937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.74.250.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424835/; classtype:trojan-activity;sid:84287935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.96.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424834/; classtype:trojan-activity;sid:84287934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.85.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424833/; classtype:trojan-activity;sid:84287933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.243.192.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424832/; classtype:trojan-activity;sid:84287932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.234.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424831/; classtype:trojan-activity;sid:84287931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.233.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424829/; classtype:trojan-activity;sid:84287929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.173.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424830/; classtype:trojan-activity;sid:84287930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.137.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424828/; classtype:trojan-activity;sid:84287928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.57.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424827/; classtype:trojan-activity;sid:84287927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.187.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424826/; classtype:trojan-activity;sid:84287926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.138.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424825/; classtype:trojan-activity;sid:84287925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"198.2.85.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424823/; classtype:trojan-activity;sid:84287923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.199.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424824/; classtype:trojan-activity;sid:84287924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.3.10"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424821/; classtype:trojan-activity;sid:84287921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.94.154.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424822/; classtype:trojan-activity;sid:84287922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.138.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424820/; classtype:trojan-activity;sid:84287920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.43.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424818/; classtype:trojan-activity;sid:84287918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.184.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424819/; classtype:trojan-activity;sid:84287919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.43.221"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424817/; classtype:trojan-activity;sid:84287917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.52.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424816/; classtype:trojan-activity;sid:84287916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.85.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424814/; classtype:trojan-activity;sid:84287914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.21.130"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424815/; classtype:trojan-activity;sid:84287915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.55.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424813/; classtype:trojan-activity;sid:84287913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.27.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424812/; classtype:trojan-activity;sid:84287912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.142.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424810/; classtype:trojan-activity;sid:84287910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.45.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424811/; classtype:trojan-activity;sid:84287911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.250.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424809/; classtype:trojan-activity;sid:84287909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424807)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.64.155.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424807/; classtype:trojan-activity;sid:84287907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.161.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424808/; classtype:trojan-activity;sid:84287908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.87.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424806/; classtype:trojan-activity;sid:84287906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.94.154.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424805/; classtype:trojan-activity;sid:84287905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.60.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424804/; classtype:trojan-activity;sid:84287904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.113.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424803/; classtype:trojan-activity;sid:84287903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.106.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424802/; classtype:trojan-activity;sid:84287902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424801)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.133.121.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424801/; classtype:trojan-activity;sid:84287901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.41.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424800/; classtype:trojan-activity;sid:84287900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.52.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424799/; classtype:trojan-activity;sid:84287899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.149.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424798/; classtype:trojan-activity;sid:84287898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.166.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424796/; classtype:trojan-activity;sid:84287896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.3.10"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424797/; classtype:trojan-activity;sid:84287897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.245.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424795/; classtype:trojan-activity;sid:84287895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.250.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424794/; classtype:trojan-activity;sid:84287894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.132.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424793/; classtype:trojan-activity;sid:84287893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.74.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424792/; classtype:trojan-activity;sid:84287892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.250.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424791/; classtype:trojan-activity;sid:84287891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424790)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.65.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424790/; classtype:trojan-activity;sid:84287890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424789)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.137.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424789/; classtype:trojan-activity;sid:84287889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.156.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424787/; classtype:trojan-activity;sid:84287887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.87.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424788/; classtype:trojan-activity;sid:84287888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424786)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.149.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424786/; classtype:trojan-activity;sid:84287886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.252.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424785/; classtype:trojan-activity;sid:84287885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.149.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424784/; classtype:trojan-activity;sid:84287884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.82.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424783/; classtype:trojan-activity;sid:84287883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.41.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424781/; classtype:trojan-activity;sid:84287881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.82.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424782/; classtype:trojan-activity;sid:84287882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.166.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424780/; classtype:trojan-activity;sid:84287880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.123.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424779/; classtype:trojan-activity;sid:84287879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.250.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424777/; classtype:trojan-activity;sid:84287877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.35.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424778/; classtype:trojan-activity;sid:84287878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.113.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424776/; classtype:trojan-activity;sid:84287876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.30.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424775/; classtype:trojan-activity;sid:84287875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.74.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424774/; classtype:trojan-activity;sid:84287874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.229.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424773/; classtype:trojan-activity;sid:84287873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.15.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424772/; classtype:trojan-activity;sid:84287872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.112.254.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424771/; classtype:trojan-activity;sid:84287871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.78.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424770/; classtype:trojan-activity;sid:84287870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.182.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424769/; classtype:trojan-activity;sid:84287869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.137.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424768/; classtype:trojan-activity;sid:84287868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424767/; classtype:trojan-activity;sid:84287867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.151.245.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424766/; classtype:trojan-activity;sid:84287866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.15.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424764/; classtype:trojan-activity;sid:84287864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.138.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424765/; classtype:trojan-activity;sid:84287865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.119.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424763/; classtype:trojan-activity;sid:84287863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.250.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424761/; classtype:trojan-activity;sid:84287861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424762)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.209.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424762/; classtype:trojan-activity;sid:84287862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424760/; classtype:trojan-activity;sid:84287860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.115.89.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424758/; classtype:trojan-activity;sid:84287858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.104.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424759/; classtype:trojan-activity;sid:84287859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.231.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424757/; classtype:trojan-activity;sid:84287857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.45.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424756/; classtype:trojan-activity;sid:84287856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.41.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424755/; classtype:trojan-activity;sid:84287855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.172.38.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424753/; classtype:trojan-activity;sid:84287853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424754)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.93.57.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424754/; classtype:trojan-activity;sid:84287854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.229.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424749/; classtype:trojan-activity;sid:84287849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.240.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424750/; classtype:trojan-activity;sid:84287850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424751/; classtype:trojan-activity;sid:84287851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.88.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424752/; classtype:trojan-activity;sid:84287852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.179.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424748/; classtype:trojan-activity;sid:84287848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.30.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424747/; classtype:trojan-activity;sid:84287847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424745/; classtype:trojan-activity;sid:84287845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.239.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424746/; classtype:trojan-activity;sid:84287846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.146.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424744/; classtype:trojan-activity;sid:84287844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.123.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424743/; classtype:trojan-activity;sid:84287843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.22.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424742/; classtype:trojan-activity;sid:84287842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.219.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424741/; classtype:trojan-activity;sid:84287841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.31.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424740/; classtype:trojan-activity;sid:84287840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.227.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424739/; classtype:trojan-activity;sid:84287839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.81.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424738/; classtype:trojan-activity;sid:84287838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424737)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.250.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424737/; classtype:trojan-activity;sid:84287837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.29.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424736/; classtype:trojan-activity;sid:84287836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.149.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424735/; classtype:trojan-activity;sid:84287835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.44.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424734/; classtype:trojan-activity;sid:84287834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.85.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424733/; classtype:trojan-activity;sid:84287833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424731/; classtype:trojan-activity;sid:84287831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.149.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424732/; classtype:trojan-activity;sid:84287832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.10.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424730/; classtype:trojan-activity;sid:84287830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.81.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424729/; classtype:trojan-activity;sid:84287829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424728/; classtype:trojan-activity;sid:84287828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.245.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424727/; classtype:trojan-activity;sid:84287827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.167.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424726/; classtype:trojan-activity;sid:84287826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.22.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424725/; classtype:trojan-activity;sid:84287825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.146.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424724/; classtype:trojan-activity;sid:84287824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.227.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424723/; classtype:trojan-activity;sid:84287823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.219.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424722/; classtype:trojan-activity;sid:84287822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.10.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424721/; classtype:trojan-activity;sid:84287821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.205.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424720/; classtype:trojan-activity;sid:84287820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.151.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424718/; classtype:trojan-activity;sid:84287818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.114.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424719/; classtype:trojan-activity;sid:84287819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.18.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424717/; classtype:trojan-activity;sid:84287817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.248.12.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424716/; classtype:trojan-activity;sid:84287816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.29.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424715/; classtype:trojan-activity;sid:84287815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.239.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424714/; classtype:trojan-activity;sid:84287814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.161.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424712/; classtype:trojan-activity;sid:84287812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.90.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424713/; classtype:trojan-activity;sid:84287813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.227.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424711/; classtype:trojan-activity;sid:84287811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.244.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424710/; classtype:trojan-activity;sid:84287810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.24.169.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424709/; classtype:trojan-activity;sid:84287809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.100.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424708/; classtype:trojan-activity;sid:84287808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.81.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424707/; classtype:trojan-activity;sid:84287807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.167.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424706/; classtype:trojan-activity;sid:84287806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.53.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424705/; classtype:trojan-activity;sid:84287805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.234.247.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424704/; classtype:trojan-activity;sid:84287804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424703)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.90.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424703/; classtype:trojan-activity;sid:84287803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.50.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424702/; classtype:trojan-activity;sid:84287802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.215.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424701/; classtype:trojan-activity;sid:84287801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.161.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424700/; classtype:trojan-activity;sid:84287800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.24.169.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424699/; classtype:trojan-activity;sid:84287799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.100.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424698/; classtype:trojan-activity;sid:84287798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.244.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424697/; classtype:trojan-activity;sid:84287797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424696/; classtype:trojan-activity;sid:84287796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.175.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424695/; classtype:trojan-activity;sid:84287795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.215.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424694/; classtype:trojan-activity;sid:84287794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.165.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424693/; classtype:trojan-activity;sid:84287793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.234.247.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424692/; classtype:trojan-activity;sid:84287792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.23.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424691/; classtype:trojan-activity;sid:84287791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.11.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424690/; classtype:trojan-activity;sid:84287790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.91.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424689/; classtype:trojan-activity;sid:84287789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.70.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424688/; classtype:trojan-activity;sid:84287788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.39.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424687/; classtype:trojan-activity;sid:84287787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.215.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424686/; classtype:trojan-activity;sid:84287786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.175.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424685/; classtype:trojan-activity;sid:84287785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.178.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424684/; classtype:trojan-activity;sid:84287784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.21.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424683/; classtype:trojan-activity;sid:84287783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.70.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424682/; classtype:trojan-activity;sid:84287782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.49.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424681/; classtype:trojan-activity;sid:84287781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.161.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424680/; classtype:trojan-activity;sid:84287780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.215.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424679/; classtype:trojan-activity;sid:84287779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.73.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424678/; classtype:trojan-activity;sid:84287778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"99.216.33.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424677/; classtype:trojan-activity;sid:84287777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.23.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424676/; classtype:trojan-activity;sid:84287776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.27.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424675/; classtype:trojan-activity;sid:84287775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424674)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.39.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424674/; classtype:trojan-activity;sid:84287774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.246.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424673/; classtype:trojan-activity;sid:84287773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.207.174.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424672/; classtype:trojan-activity;sid:84287772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.178.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424671/; classtype:trojan-activity;sid:84287771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.73.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424670/; classtype:trojan-activity;sid:84287770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.35.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424669/; classtype:trojan-activity;sid:84287769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.78.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424668/; classtype:trojan-activity;sid:84287768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.21.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424667/; classtype:trojan-activity;sid:84287767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.33.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424665/; classtype:trojan-activity;sid:84287765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424666/; classtype:trojan-activity;sid:84287766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424664)"; flow:established,from_client; content:"GET"; http_method; content:"/check-it/report"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"littlemtlogistics.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424664/; classtype:trojan-activity;sid:84287764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424662)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/agingreport.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"147.45.50.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424662/; classtype:trojan-activity;sid:84287762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424663)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/444.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"212.192.14.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424663/; classtype:trojan-activity;sid:84287763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.56.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424661/; classtype:trojan-activity;sid:84287761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.207.174.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424660/; classtype:trojan-activity;sid:84287760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.147.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424659/; classtype:trojan-activity;sid:84287759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.199.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424658/; classtype:trojan-activity;sid:84287758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424652)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/today.hta"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"195.66.213.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424652/; classtype:trojan-activity;sid:84287752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424653)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deal.hta"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"195.66.213.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424653/; classtype:trojan-activity;sid:84287753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424654)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/past.hta"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"195.66.213.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424654/; classtype:trojan-activity;sid:84287754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424655)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pass.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"195.66.213.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424655/; classtype:trojan-activity;sid:84287755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424656)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deal.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"195.66.213.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424656/; classtype:trojan-activity;sid:84287756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.107.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424657/; classtype:trojan-activity;sid:84287757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424650)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/melt.hta"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"195.66.213.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424650/; classtype:trojan-activity;sid:84287750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424651)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/form.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"195.66.213.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424651/; classtype:trojan-activity;sid:84287751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424649/; classtype:trojan-activity;sid:84287749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.240.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424648/; classtype:trojan-activity;sid:84287748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424647)"; flow:established,from_client; content:"GET"; http_method; content:"/smp/appinstaller.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"atlantida.team"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424647/; classtype:trojan-activity;sid:84287747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424646/; classtype:trojan-activity;sid:84287746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.92.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424645/; classtype:trojan-activity;sid:84287745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424644)"; flow:established,from_client; content:"GET"; http_method; content:"/fork/setup315.msi"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hq-office.us"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424644/; classtype:trojan-activity;sid:84287744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.49.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424643/; classtype:trojan-activity;sid:84287743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.197.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424641/; classtype:trojan-activity;sid:84287741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.2.202"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424642/; classtype:trojan-activity;sid:84287742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.237.23.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424638/; classtype:trojan-activity;sid:84287738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.156.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424639/; classtype:trojan-activity;sid:84287739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.55.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424640/; classtype:trojan-activity;sid:84287740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424636)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.nrxk.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424636/; classtype:trojan-activity;sid:84287736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.103.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424637/; classtype:trojan-activity;sid:84287737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.123.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424635/; classtype:trojan-activity;sid:84287735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.174.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424633/; classtype:trojan-activity;sid:84287733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424634)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.168.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424634/; classtype:trojan-activity;sid:84287734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.14.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424632/; classtype:trojan-activity;sid:84287732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.123.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424631/; classtype:trojan-activity;sid:84287731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.93.57.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424630/; classtype:trojan-activity;sid:84287730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.14.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424628/; classtype:trojan-activity;sid:84287728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.26.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424629/; classtype:trojan-activity;sid:84287729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.75.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424627/; classtype:trojan-activity;sid:84287727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.177.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424626/; classtype:trojan-activity;sid:84287726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.57.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424625/; classtype:trojan-activity;sid:84287725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424624/; classtype:trojan-activity;sid:84287724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424615/; classtype:trojan-activity;sid:84287715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.205.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424616/; classtype:trojan-activity;sid:84287716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.232.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424617/; classtype:trojan-activity;sid:84287717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424618)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.167.204.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424618/; classtype:trojan-activity;sid:84287718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424619)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.160.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424619/; classtype:trojan-activity;sid:84287719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.21.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424620/; classtype:trojan-activity;sid:84287720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424621/; classtype:trojan-activity;sid:84287721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.147.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424622/; classtype:trojan-activity;sid:84287722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.58.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424623/; classtype:trojan-activity;sid:84287723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.76.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424614/; classtype:trojan-activity;sid:84287714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.0.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424611/; classtype:trojan-activity;sid:84287711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.156.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424612/; classtype:trojan-activity;sid:84287712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.213.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424613/; classtype:trojan-activity;sid:84287713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424606)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.74.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424606/; classtype:trojan-activity;sid:84287706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424607/; classtype:trojan-activity;sid:84287707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.24.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424608/; classtype:trojan-activity;sid:84287708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424609/; classtype:trojan-activity;sid:84287709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424610/; classtype:trojan-activity;sid:84287710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.178.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424605/; classtype:trojan-activity;sid:84287705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.137.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424604/; classtype:trojan-activity;sid:84287704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.103.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424602/; classtype:trojan-activity;sid:84287702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.2.202"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424603/; classtype:trojan-activity;sid:84287703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.62.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424601/; classtype:trojan-activity;sid:84287701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.123.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424600/; classtype:trojan-activity;sid:84287700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.100.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424599/; classtype:trojan-activity;sid:84287699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.235.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424597/; classtype:trojan-activity;sid:84287697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.14.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424598/; classtype:trojan-activity;sid:84287698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.184.11.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424596/; classtype:trojan-activity;sid:84287696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.112.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424595/; classtype:trojan-activity;sid:84287695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.160.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424593/; classtype:trojan-activity;sid:84287693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.87.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424594/; classtype:trojan-activity;sid:84287694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.163.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424592/; classtype:trojan-activity;sid:84287692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424582)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"24.199.116.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424582/; classtype:trojan-activity;sid:84287682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424583)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"24.199.116.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424583/; classtype:trojan-activity;sid:84287683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424584)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"24.199.116.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424584/; classtype:trojan-activity;sid:84287684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424585)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"24.199.116.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424585/; classtype:trojan-activity;sid:84287685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424586)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"24.199.116.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424586/; classtype:trojan-activity;sid:84287686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424587)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"24.199.116.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424587/; classtype:trojan-activity;sid:84287687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424588)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"24.199.116.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424588/; classtype:trojan-activity;sid:84287688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424589)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"24.199.116.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424589/; classtype:trojan-activity;sid:84287689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424590)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"24.199.116.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424590/; classtype:trojan-activity;sid:84287690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424591)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"24.199.116.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424591/; classtype:trojan-activity;sid:84287691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.238.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424581/; classtype:trojan-activity;sid:84287681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424580)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.67.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424580/; classtype:trojan-activity;sid:84287680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424579)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424579/; classtype:trojan-activity;sid:84287679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.186.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424577/; classtype:trojan-activity;sid:84287677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.16.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424578/; classtype:trojan-activity;sid:84287678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.22.117"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424576/; classtype:trojan-activity;sid:84287676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424565)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nvm.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"194.85.251.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424565/; classtype:trojan-activity;sid:84287665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424566)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nvm.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"194.85.251.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424566/; classtype:trojan-activity;sid:84287666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424567)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nvm.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"194.85.251.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424567/; classtype:trojan-activity;sid:84287667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424568)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nvm.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"194.85.251.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424568/; classtype:trojan-activity;sid:84287668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424569)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nvm.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"194.85.251.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424569/; classtype:trojan-activity;sid:84287669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424570)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nvm.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"194.85.251.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424570/; classtype:trojan-activity;sid:84287670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424571)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nvm.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"194.85.251.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424571/; classtype:trojan-activity;sid:84287671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424572)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nvm.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"194.85.251.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424572/; classtype:trojan-activity;sid:84287672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424573)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nvm.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"194.85.251.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424573/; classtype:trojan-activity;sid:84287673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424574)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nvm.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"194.85.251.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424574/; classtype:trojan-activity;sid:84287674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424575)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nvm.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"194.85.251.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424575/; classtype:trojan-activity;sid:84287675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.235.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424564/; classtype:trojan-activity;sid:84287664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424556)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.224.0.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424556/; classtype:trojan-activity;sid:84287656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424557)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.224.0.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424557/; classtype:trojan-activity;sid:84287657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424558)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl.b"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.224.0.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424558/; classtype:trojan-activity;sid:84287658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424559)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.224.0.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424559/; classtype:trojan-activity;sid:84287659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424560)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.224.0.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424560/; classtype:trojan-activity;sid:84287660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424561)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5.b"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.224.0.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424561/; classtype:trojan-activity;sid:84287661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424562)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm.b"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.224.0.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424562/; classtype:trojan-activity;sid:84287662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424563)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7.b"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.224.0.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424563/; classtype:trojan-activity;sid:84287663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424549)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.224.0.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424549/; classtype:trojan-activity;sid:84287649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424550)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.224.0.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424550/; classtype:trojan-activity;sid:84287650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424551)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.224.0.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424551/; classtype:trojan-activity;sid:84287651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424552)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.224.0.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424552/; classtype:trojan-activity;sid:84287652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424553)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.224.0.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424553/; classtype:trojan-activity;sid:84287653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424554)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.224.0.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424554/; classtype:trojan-activity;sid:84287654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424555)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zgp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.224.0.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424555/; classtype:trojan-activity;sid:84287655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.43.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424548/; classtype:trojan-activity;sid:84287648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.243.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424547/; classtype:trojan-activity;sid:84287647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.160.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424546/; classtype:trojan-activity;sid:84287646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.184.11.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424545/; classtype:trojan-activity;sid:84287645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424537)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"148.135.23.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424537/; classtype:trojan-activity;sid:84287637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424538)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.166.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424538/; classtype:trojan-activity;sid:84287638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424539)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"60.19.13.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424539/; classtype:trojan-activity;sid:84287639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424540)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"111.173.104.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424540/; classtype:trojan-activity;sid:84287640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424541)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.192.96.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424541/; classtype:trojan-activity;sid:84287641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424542)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.192.96.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424542/; classtype:trojan-activity;sid:84287642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424543)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.136.93.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424543/; classtype:trojan-activity;sid:84287643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424544)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.50.178.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424544/; classtype:trojan-activity;sid:84287644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.240.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424536/; classtype:trojan-activity;sid:84287636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.147.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424535/; classtype:trojan-activity;sid:84287635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.164.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424534/; classtype:trojan-activity;sid:84287634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424533)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.248.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424533/; classtype:trojan-activity;sid:84287633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.47.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424532/; classtype:trojan-activity;sid:84287632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.103.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424531/; classtype:trojan-activity;sid:84287631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424530)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.230.34.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424530/; classtype:trojan-activity;sid:84287630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424529)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.182.148.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424529/; classtype:trojan-activity;sid:84287629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424528)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.73.162.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424528/; classtype:trojan-activity;sid:84287628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424527)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.28.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424527/; classtype:trojan-activity;sid:84287627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424524)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.217.118.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424524/; classtype:trojan-activity;sid:84287624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424525)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.217.118.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424525/; classtype:trojan-activity;sid:84287625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424526)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.31.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424526/; classtype:trojan-activity;sid:84287626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424515)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.123.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424515/; classtype:trojan-activity;sid:84287615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424516)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.92.168.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424516/; classtype:trojan-activity;sid:84287616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.243.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424517/; classtype:trojan-activity;sid:84287617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424518)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.127.243.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424518/; classtype:trojan-activity;sid:84287618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424519)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.187.229.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424519/; classtype:trojan-activity;sid:84287619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424520)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.3.110.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424520/; classtype:trojan-activity;sid:84287620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424521)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.0.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424521/; classtype:trojan-activity;sid:84287621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424522)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"222.255.109.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424522/; classtype:trojan-activity;sid:84287622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424523)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.145.130.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424523/; classtype:trojan-activity;sid:84287623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424510)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.134.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424510/; classtype:trojan-activity;sid:84287610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424511)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"189.222.105.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424511/; classtype:trojan-activity;sid:84287611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424512)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.205.210.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424512/; classtype:trojan-activity;sid:84287612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424513)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.19.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424513/; classtype:trojan-activity;sid:84287613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424514)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.123.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424514/; classtype:trojan-activity;sid:84287614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424508)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.148.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424508/; classtype:trojan-activity;sid:84287608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424509)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.138.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424509/; classtype:trojan-activity;sid:84287609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.52.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424507/; classtype:trojan-activity;sid:84287607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.16.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424506/; classtype:trojan-activity;sid:84287606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.186.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424505/; classtype:trojan-activity;sid:84287605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424504)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.160.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424504/; classtype:trojan-activity;sid:84287604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.249.73.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424503/; classtype:trojan-activity;sid:84287603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.86.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424502/; classtype:trojan-activity;sid:84287602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.173.109.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424501/; classtype:trojan-activity;sid:84287601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.82.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424500/; classtype:trojan-activity;sid:84287600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.243.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424499/; classtype:trojan-activity;sid:84287599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.249.73.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424498/; classtype:trojan-activity;sid:84287598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.60.249.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424497/; classtype:trojan-activity;sid:84287597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.26.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424496/; classtype:trojan-activity;sid:84287596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.131.60.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424494/; classtype:trojan-activity;sid:84287594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.56.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424495/; classtype:trojan-activity;sid:84287595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.222.132.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424490/; classtype:trojan-activity;sid:84287590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.235.169.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424491/; classtype:trojan-activity;sid:84287591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.235.208.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424492/; classtype:trojan-activity;sid:84287592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.21.150.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424493/; classtype:trojan-activity;sid:84287593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.237.72.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424484/; classtype:trojan-activity;sid:84287584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.147.196.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424485/; classtype:trojan-activity;sid:84287585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.36.248.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424486/; classtype:trojan-activity;sid:84287586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.129.17.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424487/; classtype:trojan-activity;sid:84287587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.36.156.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424488/; classtype:trojan-activity;sid:84287588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.232.60.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424489/; classtype:trojan-activity;sid:84287589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.184.57.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424481/; classtype:trojan-activity;sid:84287581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.18.196.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424482/; classtype:trojan-activity;sid:84287582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.175.139.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424483/; classtype:trojan-activity;sid:84287583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.74.3.220"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424477/; classtype:trojan-activity;sid:84287577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.218.122.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424478/; classtype:trojan-activity;sid:84287578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.230.222.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424479/; classtype:trojan-activity;sid:84287579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.192.136.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424480/; classtype:trojan-activity;sid:84287580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.151.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424476/; classtype:trojan-activity;sid:84287576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.47.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424474/; classtype:trojan-activity;sid:84287574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.87.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424475/; classtype:trojan-activity;sid:84287575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.86.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424473/; classtype:trojan-activity;sid:84287573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.91.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424471/; classtype:trojan-activity;sid:84287571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424472)"; flow:established,from_client; content:"GET"; http_method; content:"/sjjl1aynxzlomutb"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"antlb0tv2.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424472/; classtype:trojan-activity;sid:84287572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424470)"; flow:established,from_client; content:"GET"; http_method; content:"/wmnxwwthgzudgpyz"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"antlb0tv2.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424470/; classtype:trojan-activity;sid:84287570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.249.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424469/; classtype:trojan-activity;sid:84287569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424468)"; flow:established,from_client; content:"GET"; http_method; content:"/gtrgesdffsdgfdgerfergweefewew/gdfgergergergerg/raw/24efd2024ca0ac8e5e75dcd40b410dc0fdde0d8d/grn.exe"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424468/; classtype:trojan-activity;sid:84287568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424466)"; flow:established,from_client; content:"GET"; http_method; content:"/gtrgesdffsdgfdgerfergweefewew/gdfgergergergerg/raw/24efd2024ca0ac8e5e75dcd40b410dc0fdde0d8d/test.exe"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424466/; classtype:trojan-activity;sid:84287566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424467)"; flow:established,from_client; content:"GET"; http_method; content:"/gtrgesdffsdgfdgerfergweefewew/gdfgergergergerg/raw/24efd2024ca0ac8e5e75dcd40b410dc0fdde0d8d/green.exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424467/; classtype:trojan-activity;sid:84287567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424461)"; flow:established,from_client; content:"GET"; http_method; content:"/gtrgesdffsdgfdgerfergweefewew/gdfgergergergerg/raw/24efd2024ca0ac8e5e75dcd40b410dc0fdde0d8d/blackkkk.exe"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424461/; classtype:trojan-activity;sid:84287561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424462)"; flow:established,from_client; content:"GET"; http_method; content:"/gtrgesdffsdgfdgerfergweefewew/gdfgergergergerg/raw/24efd2024ca0ac8e5e75dcd40b410dc0fdde0d8d/ylw.exe"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424462/; classtype:trojan-activity;sid:84287562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424463)"; flow:established,from_client; content:"GET"; http_method; content:"/gtrgesdffsdgfdgerfergweefewew/gdfgergergergerg/raw/24efd2024ca0ac8e5e75dcd40b410dc0fdde0d8d/black.exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424463/; classtype:trojan-activity;sid:84287563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424464)"; flow:established,from_client; content:"GET"; http_method; content:"/gtrgesdffsdgfdgerfergweefewew/gdfgergergergerg/raw/24efd2024ca0ac8e5e75dcd40b410dc0fdde0d8d/greeeeen.exe"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424464/; classtype:trojan-activity;sid:84287564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424465)"; flow:established,from_client; content:"GET"; http_method; content:"/gtrgesdffsdgfdgerfergweefewew/gdfgergergergerg/raw/24efd2024ca0ac8e5e75dcd40b410dc0fdde0d8d/lxix.exe"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424465/; classtype:trojan-activity;sid:84287565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424460)"; flow:established,from_client; content:"GET"; http_method; content:"/gtrgesdffsdgfdgerfergweefewew/gdfgergergergerg/raw/24efd2024ca0ac8e5e75dcd40b410dc0fdde0d8d/cl.exe"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424460/; classtype:trojan-activity;sid:84287560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424459)"; flow:established,from_client; content:"GET"; http_method; content:"/install/vlber4myb0k1"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"rdmfile.eu"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424459/; classtype:trojan-activity;sid:84287559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.28.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424458/; classtype:trojan-activity;sid:84287558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.115.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424457/; classtype:trojan-activity;sid:84287557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.134.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424456/; classtype:trojan-activity;sid:84287556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.88.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424455/; classtype:trojan-activity;sid:84287555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.43.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424454/; classtype:trojan-activity;sid:84287554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.17.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424452/; classtype:trojan-activity;sid:84287552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.115.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424453/; classtype:trojan-activity;sid:84287553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424451)"; flow:established,from_client; content:"GET"; http_method; content:"/gngkgopny233.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"104.161.16.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424451/; classtype:trojan-activity;sid:84287551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.65.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424450/; classtype:trojan-activity;sid:84287550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.51.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424449/; classtype:trojan-activity;sid:84287549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424448)"; flow:established,from_client; content:"GET"; http_method; content:"/taozi.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.30.41.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424448/; classtype:trojan-activity;sid:84287548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424447)"; flow:established,from_client; content:"GET"; http_method; content:"/fm_2635_mk26.apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"samll.b-cdn.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424447/; classtype:trojan-activity;sid:84287547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424446)"; flow:established,from_client; content:"GET"; http_method; content:"/appinstaller.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"atlantida.team"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424446/; classtype:trojan-activity;sid:84287546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.38.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424445/; classtype:trojan-activity;sid:84287545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.88.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424444/; classtype:trojan-activity;sid:84287544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.115.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424443/; classtype:trojan-activity;sid:84287543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.76.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424442/; classtype:trojan-activity;sid:84287542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.114.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424441/; classtype:trojan-activity;sid:84287541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.65.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424440/; classtype:trojan-activity;sid:84287540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.225.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424439/; classtype:trojan-activity;sid:84287539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.194.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424438/; classtype:trojan-activity;sid:84287538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.16.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424437/; classtype:trojan-activity;sid:84287537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.177.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424436/; classtype:trojan-activity;sid:84287536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.38.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424435/; classtype:trojan-activity;sid:84287535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.83.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424433/; classtype:trojan-activity;sid:84287533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424434/; classtype:trojan-activity;sid:84287534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.225.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424431/; classtype:trojan-activity;sid:84287531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.225.162.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424432/; classtype:trojan-activity;sid:84287532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.59.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424430/; classtype:trojan-activity;sid:84287530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.83.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424429/; classtype:trojan-activity;sid:84287529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424422)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"172.32.240.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424422/; classtype:trojan-activity;sid:84287522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424423)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.69.193.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424423/; classtype:trojan-activity;sid:84287523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424424)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424424/; classtype:trojan-activity;sid:84287524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.249.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424425/; classtype:trojan-activity;sid:84287525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424426)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.115.176.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424426/; classtype:trojan-activity;sid:84287526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424427)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.27.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424427/; classtype:trojan-activity;sid:84287527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.217.188.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424428/; classtype:trojan-activity;sid:84287528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424421/; classtype:trojan-activity;sid:84287521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.200.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424420/; classtype:trojan-activity;sid:84287520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.252.24.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424418/; classtype:trojan-activity;sid:84287518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.137.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424419/; classtype:trojan-activity;sid:84287519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424417)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.4.82"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424417/; classtype:trojan-activity;sid:84287517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424412)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.159.54.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424412/; classtype:trojan-activity;sid:84287512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.166.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424413/; classtype:trojan-activity;sid:84287513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.204.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424414/; classtype:trojan-activity;sid:84287514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.20.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424415/; classtype:trojan-activity;sid:84287515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424416)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.151.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424416/; classtype:trojan-activity;sid:84287516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.102.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424411/; classtype:trojan-activity;sid:84287511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.58.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424410/; classtype:trojan-activity;sid:84287510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.54.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424409/; classtype:trojan-activity;sid:84287509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.24.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424408/; classtype:trojan-activity;sid:84287508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.148.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424407/; classtype:trojan-activity;sid:84287507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.89.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424406/; classtype:trojan-activity;sid:84287506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424405)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.221.99.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424405/; classtype:trojan-activity;sid:84287505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424402)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"134.255.232.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424402/; classtype:trojan-activity;sid:84287502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424403)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"134.255.232.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424403/; classtype:trojan-activity;sid:84287503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424404)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"134.255.232.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424404/; classtype:trojan-activity;sid:84287504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424401/; classtype:trojan-activity;sid:84287501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.33.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424400/; classtype:trojan-activity;sid:84287500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424399)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.122.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424399/; classtype:trojan-activity;sid:84287499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.49.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424398/; classtype:trojan-activity;sid:84287498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.134.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424397/; classtype:trojan-activity;sid:84287497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424396/; classtype:trojan-activity;sid:84287496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.242.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424395/; classtype:trojan-activity;sid:84287495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.18.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424394/; classtype:trojan-activity;sid:84287494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.126.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424393/; classtype:trojan-activity;sid:84287493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.75.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424392/; classtype:trojan-activity;sid:84287492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424391)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.252.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424391/; classtype:trojan-activity;sid:84287491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.225.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424390/; classtype:trojan-activity;sid:84287490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.113.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424389/; classtype:trojan-activity;sid:84287489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.126.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424388/; classtype:trojan-activity;sid:84287488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424386)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.156.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424386/; classtype:trojan-activity;sid:84287486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424387)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.186.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424387/; classtype:trojan-activity;sid:84287487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.92.108.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424385/; classtype:trojan-activity;sid:84287485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.65.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424384/; classtype:trojan-activity;sid:84287484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.229.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424383/; classtype:trojan-activity;sid:84287483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.81.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424382/; classtype:trojan-activity;sid:84287482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.198.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424381/; classtype:trojan-activity;sid:84287481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.225.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424380/; classtype:trojan-activity;sid:84287480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424379)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.134.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424379/; classtype:trojan-activity;sid:84287479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424378)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.103.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424378/; classtype:trojan-activity;sid:84287478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.23.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424377/; classtype:trojan-activity;sid:84287477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.156.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424376/; classtype:trojan-activity;sid:84287476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.91.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424375/; classtype:trojan-activity;sid:84287475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424374)"; flow:established,from_client; content:"GET"; http_method; content:"/libraries4.aspx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"genericfixer.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424374/; classtype:trojan-activity;sid:84287474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424373/; classtype:trojan-activity;sid:84287473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.81.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424372/; classtype:trojan-activity;sid:84287472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.86.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424371/; classtype:trojan-activity;sid:84287471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.38.123.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424370/; classtype:trojan-activity;sid:84287470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.88.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424369/; classtype:trojan-activity;sid:84287469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424368)"; flow:established,from_client; content:"GET"; http_method; content:"/kernel96.aspx"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"genericfixer.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424368/; classtype:trojan-activity;sid:84287468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.65.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424367/; classtype:trojan-activity;sid:84287467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.68.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424366/; classtype:trojan-activity;sid:84287466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.151.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424365/; classtype:trojan-activity;sid:84287465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.252.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424364/; classtype:trojan-activity;sid:84287464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.251.176.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424363/; classtype:trojan-activity;sid:84287463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.210.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424362/; classtype:trojan-activity;sid:84287462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.186.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424361/; classtype:trojan-activity;sid:84287461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.154.80.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424360/; classtype:trojan-activity;sid:84287460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.86.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424358/; classtype:trojan-activity;sid:84287458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.38.123.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424359/; classtype:trojan-activity;sid:84287459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.110.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424357/; classtype:trojan-activity;sid:84287457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.209.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424356/; classtype:trojan-activity;sid:84287456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424355)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.209.51.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424355/; classtype:trojan-activity;sid:84287455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.204.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424354/; classtype:trojan-activity;sid:84287454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.154.80.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424353/; classtype:trojan-activity;sid:84287453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.218.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424352/; classtype:trojan-activity;sid:84287452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.110.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424351/; classtype:trojan-activity;sid:84287451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424350)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424350/; classtype:trojan-activity;sid:84287450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.214.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424348/; classtype:trojan-activity;sid:84287448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.247.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424349/; classtype:trojan-activity;sid:84287449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.46.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424347/; classtype:trojan-activity;sid:84287447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.179.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424345/; classtype:trojan-activity;sid:84287445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.30.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424346/; classtype:trojan-activity;sid:84287446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.205.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424343/; classtype:trojan-activity;sid:84287443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.23.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424344/; classtype:trojan-activity;sid:84287444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.1.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424342/; classtype:trojan-activity;sid:84287442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.166.195.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424341/; classtype:trojan-activity;sid:84287441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.247.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424340/; classtype:trojan-activity;sid:84287440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.177.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424339/; classtype:trojan-activity;sid:84287439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.214.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424338/; classtype:trojan-activity;sid:84287438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.204.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424337/; classtype:trojan-activity;sid:84287437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.149.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424336/; classtype:trojan-activity;sid:84287436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.119.180.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424335/; classtype:trojan-activity;sid:84287435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.46.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424334/; classtype:trojan-activity;sid:84287434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.30.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424333/; classtype:trojan-activity;sid:84287433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424327/; classtype:trojan-activity;sid:84287427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424328)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.132.11.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424328/; classtype:trojan-activity;sid:84287428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424329)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424329/; classtype:trojan-activity;sid:84287429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424330)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.103.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424330/; classtype:trojan-activity;sid:84287430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424331)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.9.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424331/; classtype:trojan-activity;sid:84287431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424332)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.218.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424332/; classtype:trojan-activity;sid:84287432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.27.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424325/; classtype:trojan-activity;sid:84287425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424326)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424326/; classtype:trojan-activity;sid:84287426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.231.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424324/; classtype:trojan-activity;sid:84287424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.69.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424323/; classtype:trojan-activity;sid:84287423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.87.35.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424321/; classtype:trojan-activity;sid:84287421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.113.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424322/; classtype:trojan-activity;sid:84287422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424316)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.152.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424316/; classtype:trojan-activity;sid:84287416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424317)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.153.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424317/; classtype:trojan-activity;sid:84287417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.113.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424318/; classtype:trojan-activity;sid:84287418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.173.101.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424319/; classtype:trojan-activity;sid:84287419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424320)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.176.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424320/; classtype:trojan-activity;sid:84287420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.198.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424315/; classtype:trojan-activity;sid:84287415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.205.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424314/; classtype:trojan-activity;sid:84287414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.1.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424313/; classtype:trojan-activity;sid:84287413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.54.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424312/; classtype:trojan-activity;sid:84287412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.246.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424311/; classtype:trojan-activity;sid:84287411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.168.41.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424310/; classtype:trojan-activity;sid:84287410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424309)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.9.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424309/; classtype:trojan-activity;sid:84287409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.64.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424308/; classtype:trojan-activity;sid:84287408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.198.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424307/; classtype:trojan-activity;sid:84287407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.23.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424306/; classtype:trojan-activity;sid:84287406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.86.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424305/; classtype:trojan-activity;sid:84287405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.117.37.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424304/; classtype:trojan-activity;sid:84287404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424303)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"175.31.191.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424303/; classtype:trojan-activity;sid:84287403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.134.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424302/; classtype:trojan-activity;sid:84287402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424300)"; flow:established,from_client; content:"GET"; http_method; content:"/scan/scan_copy_11058103.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"193.233.72.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424300/; classtype:trojan-activity;sid:84287400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424301)"; flow:established,from_client; content:"GET"; http_method; content:"/fork/setup315.msi"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"193.233.72.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424301/; classtype:trojan-activity;sid:84287401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.225.89.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424299/; classtype:trojan-activity;sid:84287399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.213.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424298/; classtype:trojan-activity;sid:84287398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.168.41.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424297/; classtype:trojan-activity;sid:84287397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.14.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424296/; classtype:trojan-activity;sid:84287396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.193.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424294/; classtype:trojan-activity;sid:84287394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.134.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424295/; classtype:trojan-activity;sid:84287395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.215.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424293/; classtype:trojan-activity;sid:84287393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.114.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424292/; classtype:trojan-activity;sid:84287392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.23.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424291/; classtype:trojan-activity;sid:84287391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.22.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424290/; classtype:trojan-activity;sid:84287390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.193.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424289/; classtype:trojan-activity;sid:84287389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.168.50.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424288/; classtype:trojan-activity;sid:84287388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.175.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424287/; classtype:trojan-activity;sid:84287387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.225.89.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424286/; classtype:trojan-activity;sid:84287386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.193.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424285/; classtype:trojan-activity;sid:84287385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.212.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424283/; classtype:trojan-activity;sid:84287383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.134.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424284/; classtype:trojan-activity;sid:84287384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.226.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424281/; classtype:trojan-activity;sid:84287381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424282)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.44.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424282/; classtype:trojan-activity;sid:84287382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.75.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424280/; classtype:trojan-activity;sid:84287380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.215.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424279/; classtype:trojan-activity;sid:84287379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.239.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424278/; classtype:trojan-activity;sid:84287378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.168.50.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424277/; classtype:trojan-activity;sid:84287377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.193.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424276/; classtype:trojan-activity;sid:84287376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.97.27"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424275/; classtype:trojan-activity;sid:84287375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.22.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424274/; classtype:trojan-activity;sid:84287374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.86.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424273/; classtype:trojan-activity;sid:84287373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.151.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424272/; classtype:trojan-activity;sid:84287372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424271)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.64.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424271/; classtype:trojan-activity;sid:84287371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.97.159"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424270/; classtype:trojan-activity;sid:84287370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.80.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424269/; classtype:trojan-activity;sid:84287369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424268)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.rlvw.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424268/; classtype:trojan-activity;sid:84287368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.144.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424267/; classtype:trojan-activity;sid:84287367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424265)"; flow:established,from_client; content:"GET"; http_method; content:"/config.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"tangible-drink.surge.sh"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424265/; classtype:trojan-activity;sid:84287365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424266)"; flow:established,from_client; content:"GET"; http_method; content:"/wpx.php"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tangible-drink.surge.sh"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424266/; classtype:trojan-activity;sid:84287366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.169.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424264/; classtype:trojan-activity;sid:84287364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.13.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424263/; classtype:trojan-activity;sid:84287363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.14.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424262/; classtype:trojan-activity;sid:84287362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.203.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424261/; classtype:trojan-activity;sid:84287361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.235.177.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424260/; classtype:trojan-activity;sid:84287360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.78.39.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424259/; classtype:trojan-activity;sid:84287359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.173.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424257/; classtype:trojan-activity;sid:84287357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.227.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424258/; classtype:trojan-activity;sid:84287358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.30.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424256/; classtype:trojan-activity;sid:84287356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424246)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dlf2yhkfkvytxtjyijw5c4i2vjnhcemrmt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424246/; classtype:trojan-activity;sid:84287346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424247)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vdouqortozdgcmthlufczr1sdnep3lkhnz"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424247/; classtype:trojan-activity;sid:84287347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424248)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/r8q8nqf78uol8estelasgqkel0jnyjisxg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424248/; classtype:trojan-activity;sid:84287348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424249)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hbtl4uik1kmn05di2z8a8ltmybokpfxqeh"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424249/; classtype:trojan-activity;sid:84287349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424250)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/alreslf0spmruz0itbyda2ioqc6grhdo0d"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424250/; classtype:trojan-activity;sid:84287350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424251)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rz2vtl7rzbpeiovi6kybnebkimpr59fghd"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424251/; classtype:trojan-activity;sid:84287351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424252)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/qcjkf06ywohap9vx7boblr6shua9zplvq9"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424252/; classtype:trojan-activity;sid:84287352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424253)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/trnrq2hd4uegrnkubulqdux4nfszmfnam0"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424253/; classtype:trojan-activity;sid:84287353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424254)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/n9s2rn4vezyef9i7vebto0b8wlvzfnvloy"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424254/; classtype:trojan-activity;sid:84287354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424255)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hsepglay5mrjn04porpekzm5q7q7jjzbla"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424255/; classtype:trojan-activity;sid:84287355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424243)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/qco264omeduqh0jjutd7adcw5ty4oglsa0"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424243/; classtype:trojan-activity;sid:84287343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424244)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/9dzegupk5rqcqart3rtug1lqgjoxzbvnkb"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424244/; classtype:trojan-activity;sid:84287344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424245)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mtlk5tgzvgfhtqphzwfi8r08aw5kmzkzft"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424245/; classtype:trojan-activity;sid:84287345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.226.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424241/; classtype:trojan-activity;sid:84287341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.160.170.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424242/; classtype:trojan-activity;sid:84287342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.169.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424240/; classtype:trojan-activity;sid:84287340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.13.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424239/; classtype:trojan-activity;sid:84287339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.203.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424237/; classtype:trojan-activity;sid:84287337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.144.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424238/; classtype:trojan-activity;sid:84287338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424236)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424236/; classtype:trojan-activity;sid:84287336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.78.39.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424234/; classtype:trojan-activity;sid:84287334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.168.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424235/; classtype:trojan-activity;sid:84287335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.127.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424233/; classtype:trojan-activity;sid:84287333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.169.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424232/; classtype:trojan-activity;sid:84287332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.2.104"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424231/; classtype:trojan-activity;sid:84287331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.58.108.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424230/; classtype:trojan-activity;sid:84287330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.209.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424229/; classtype:trojan-activity;sid:84287329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.64.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424228/; classtype:trojan-activity;sid:84287328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.160.170.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424227/; classtype:trojan-activity;sid:84287327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.157.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424226/; classtype:trojan-activity;sid:84287326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.2.104"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424225/; classtype:trojan-activity;sid:84287325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.136.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424224/; classtype:trojan-activity;sid:84287324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.127.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424223/; classtype:trojan-activity;sid:84287323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424222)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.85.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424222/; classtype:trojan-activity;sid:84287322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.215.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424221/; classtype:trojan-activity;sid:84287321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.104.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424220/; classtype:trojan-activity;sid:84287320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.164.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424219/; classtype:trojan-activity;sid:84287319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.30.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424218/; classtype:trojan-activity;sid:84287318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424217)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.238.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424217/; classtype:trojan-activity;sid:84287317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424216)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.100.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424216/; classtype:trojan-activity;sid:84287316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.8.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424215/; classtype:trojan-activity;sid:84287315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.38.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424214/; classtype:trojan-activity;sid:84287314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.85.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424213/; classtype:trojan-activity;sid:84287313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.44.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424211/; classtype:trojan-activity;sid:84287311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.38.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424212/; classtype:trojan-activity;sid:84287312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.136.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424210/; classtype:trojan-activity;sid:84287310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.106.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424208/; classtype:trojan-activity;sid:84287308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.67.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424209/; classtype:trojan-activity;sid:84287309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424203)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"srv9-mivocloud.500apps.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424203/; classtype:trojan-activity;sid:84287303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424204)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.i686"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"srv9-mivocloud.500apps.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424204/; classtype:trojan-activity;sid:84287304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424205)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.armv4l"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mail1.tech-notifications.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424205/; classtype:trojan-activity;sid:84287305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424206)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.sparc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"srv9-mivocloud.500apps.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424206/; classtype:trojan-activity;sid:84287306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424207)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.armv7l"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv9-mivocloud.500apps.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424207/; classtype:trojan-activity;sid:84287307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424199)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.armv5l"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv9-mivocloud.500apps.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424199/; classtype:trojan-activity;sid:84287299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424200)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.i686"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mail1.tech-notifications.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424200/; classtype:trojan-activity;sid:84287300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424201)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"srv9-mivocloud.500apps.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424201/; classtype:trojan-activity;sid:84287301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424202)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv9-mivocloud.500apps.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424202/; classtype:trojan-activity;sid:84287302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424196)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"srv9-mivocloud.500apps.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424196/; classtype:trojan-activity;sid:84287296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424197)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.i586"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"srv9-mivocloud.500apps.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424197/; classtype:trojan-activity;sid:84287297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424198)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"srv9-mivocloud.500apps.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424198/; classtype:trojan-activity;sid:84287298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.141.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424185/; classtype:trojan-activity;sid:84287285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424186)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mail1.tech-notifications.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424186/; classtype:trojan-activity;sid:84287286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424187)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.i586"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mail1.tech-notifications.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424187/; classtype:trojan-activity;sid:84287287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424188)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mail1.tech-notifications.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424188/; classtype:trojan-activity;sid:84287288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424189)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.sparc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mail1.tech-notifications.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424189/; classtype:trojan-activity;sid:84287289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424190)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.armv5l"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mail1.tech-notifications.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424190/; classtype:trojan-activity;sid:84287290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424191)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mail1.tech-notifications.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424191/; classtype:trojan-activity;sid:84287291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424192)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mail1.tech-notifications.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424192/; classtype:trojan-activity;sid:84287292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424193)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.armv4l"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv9-mivocloud.500apps.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424193/; classtype:trojan-activity;sid:84287293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424194)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mail1.tech-notifications.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424194/; classtype:trojan-activity;sid:84287294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424195)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.armv6l"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mail1.tech-notifications.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424195/; classtype:trojan-activity;sid:84287295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.150.95.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424184/; classtype:trojan-activity;sid:84287284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.161.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424183/; classtype:trojan-activity;sid:84287283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424182)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.58.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424182/; classtype:trojan-activity;sid:84287282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.24.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424181/; classtype:trojan-activity;sid:84287281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.197.29.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424176/; classtype:trojan-activity;sid:84287276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.72.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424177/; classtype:trojan-activity;sid:84287277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.230.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424178/; classtype:trojan-activity;sid:84287278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.2.131"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424179/; classtype:trojan-activity;sid:84287279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.207.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424180/; classtype:trojan-activity;sid:84287280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.223.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424175/; classtype:trojan-activity;sid:84287275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.139.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424174/; classtype:trojan-activity;sid:84287274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.147.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424173/; classtype:trojan-activity;sid:84287273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.67.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424172/; classtype:trojan-activity;sid:84287272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424156)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.17.183.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424156/; classtype:trojan-activity;sid:84287256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424157)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.17.183.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424157/; classtype:trojan-activity;sid:84287257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424158)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.17.183.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424158/; classtype:trojan-activity;sid:84287258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424159)"; flow:established,from_client; content:"GET"; http_method; content:"/nshsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.17.183.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424159/; classtype:trojan-activity;sid:84287259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424160)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.17.183.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424160/; classtype:trojan-activity;sid:84287260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424161)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.17.183.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424161/; classtype:trojan-activity;sid:84287261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424162)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.17.183.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424162/; classtype:trojan-activity;sid:84287262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424163)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.17.183.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424163/; classtype:trojan-activity;sid:84287263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424164)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.17.183.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424164/; classtype:trojan-activity;sid:84287264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424165)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.17.183.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424165/; classtype:trojan-activity;sid:84287265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424166)"; flow:established,from_client; content:"GET"; http_method; content:"/nshppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.17.183.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424166/; classtype:trojan-activity;sid:84287266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424167)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.17.183.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424167/; classtype:trojan-activity;sid:84287267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424168)"; flow:established,from_client; content:"GET"; http_method; content:"/hmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"193.17.183.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424168/; classtype:trojan-activity;sid:84287268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424169)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.17.183.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424169/; classtype:trojan-activity;sid:84287269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424170)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.17.183.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424170/; classtype:trojan-activity;sid:84287270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.8.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424171/; classtype:trojan-activity;sid:84287271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424152)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.17.183.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424152/; classtype:trojan-activity;sid:84287252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424153)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.17.183.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424153/; classtype:trojan-activity;sid:84287253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424154)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.17.183.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424154/; classtype:trojan-activity;sid:84287254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424155)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.17.183.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424155/; classtype:trojan-activity;sid:84287255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.36.120.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424151/; classtype:trojan-activity;sid:84287251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.139.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424150/; classtype:trojan-activity;sid:84287250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.215.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424149/; classtype:trojan-activity;sid:84287249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.36.120.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424148/; classtype:trojan-activity;sid:84287248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.102.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424147/; classtype:trojan-activity;sid:84287247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.194.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424145/; classtype:trojan-activity;sid:84287245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.106.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424146/; classtype:trojan-activity;sid:84287246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.223.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424144/; classtype:trojan-activity;sid:84287244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.126.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424143/; classtype:trojan-activity;sid:84287243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424142)"; flow:established,from_client; content:"GET"; http_method; content:"/capcha.html"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"recapchav3.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424142/; classtype:trojan-activity;sid:84287242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424141/; classtype:trojan-activity;sid:84287241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"169.224.101.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424140/; classtype:trojan-activity;sid:84287240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.15.14.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424138/; classtype:trojan-activity;sid:84287238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.39.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424139/; classtype:trojan-activity;sid:84287239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.141.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424137/; classtype:trojan-activity;sid:84287237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.11.60.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424136/; classtype:trojan-activity;sid:84287236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.174.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424135/; classtype:trojan-activity;sid:84287235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.218.164.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424133/; classtype:trojan-activity;sid:84287233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424134/; classtype:trojan-activity;sid:84287234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.194.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424132/; classtype:trojan-activity;sid:84287232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.102.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424131/; classtype:trojan-activity;sid:84287231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.11.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424130/; classtype:trojan-activity;sid:84287230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.163.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424128/; classtype:trojan-activity;sid:84287228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.126.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424129/; classtype:trojan-activity;sid:84287229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.147.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424127/; classtype:trojan-activity;sid:84287227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.39.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424126/; classtype:trojan-activity;sid:84287226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.90.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424125/; classtype:trojan-activity;sid:84287225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424124)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424124/; classtype:trojan-activity;sid:84287224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.14.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424123/; classtype:trojan-activity;sid:84287223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.63.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424122/; classtype:trojan-activity;sid:84287222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.42.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424120/; classtype:trojan-activity;sid:84287220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424121)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.vsdd.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424121/; classtype:trojan-activity;sid:84287221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.119.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424118/; classtype:trojan-activity;sid:84287218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.67.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424119/; classtype:trojan-activity;sid:84287219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.234.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424117/; classtype:trojan-activity;sid:84287217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.92.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424116/; classtype:trojan-activity;sid:84287216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.76.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424115/; classtype:trojan-activity;sid:84287215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.90.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424114/; classtype:trojan-activity;sid:84287214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.11.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424113/; classtype:trojan-activity;sid:84287213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.115.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424112/; classtype:trojan-activity;sid:84287212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424111/; classtype:trojan-activity;sid:84287211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.63.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424110/; classtype:trojan-activity;sid:84287210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424086)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424086/; classtype:trojan-activity;sid:84287186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424087)"; flow:established,from_client; content:"GET"; http_method; content:"/gig.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424087/; classtype:trojan-activity;sid:84287187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424088)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424088/; classtype:trojan-activity;sid:84287188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424089)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424089/; classtype:trojan-activity;sid:84287189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424090)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklarm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424090/; classtype:trojan-activity;sid:84287190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424091)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424091/; classtype:trojan-activity;sid:84287191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424092)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424092/; classtype:trojan-activity;sid:84287192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424093)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424093/; classtype:trojan-activity;sid:84287193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424094)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424094/; classtype:trojan-activity;sid:84287194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424095)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424095/; classtype:trojan-activity;sid:84287195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424096)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424096/; classtype:trojan-activity;sid:84287196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424097)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424097/; classtype:trojan-activity;sid:84287197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424098)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424098/; classtype:trojan-activity;sid:84287198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424099)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424099/; classtype:trojan-activity;sid:84287199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424100)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklmips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424100/; classtype:trojan-activity;sid:84287200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424101)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklarm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424101/; classtype:trojan-activity;sid:84287201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424102)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabm68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424102/; classtype:trojan-activity;sid:84287202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424103)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424103/; classtype:trojan-activity;sid:84287203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424104)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424104/; classtype:trojan-activity;sid:84287204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424105)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424105/; classtype:trojan-activity;sid:84287205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424106)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklmpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424106/; classtype:trojan-activity;sid:84287206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424107)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklarm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424107/; classtype:trojan-activity;sid:84287207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424108)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424108/; classtype:trojan-activity;sid:84287208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424109)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splarm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424109/; classtype:trojan-activity;sid:84287209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424071)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424071/; classtype:trojan-activity;sid:84287171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424072)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424072/; classtype:trojan-activity;sid:84287172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424073)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424073/; classtype:trojan-activity;sid:84287173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424074)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklsh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424074/; classtype:trojan-activity;sid:84287174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424075)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklmips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424075/; classtype:trojan-activity;sid:84287175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424076)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424076/; classtype:trojan-activity;sid:84287176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424077)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklspc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424077/; classtype:trojan-activity;sid:84287177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424078)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424078/; classtype:trojan-activity;sid:84287178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424079)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424079/; classtype:trojan-activity;sid:84287179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424080)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424080/; classtype:trojan-activity;sid:84287180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424081)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabsh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424081/; classtype:trojan-activity;sid:84287181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424082)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zerppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424082/; classtype:trojan-activity;sid:84287182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424083)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424083/; classtype:trojan-activity;sid:84287183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424084)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424084/; classtype:trojan-activity;sid:84287184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424085)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zerarm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424085/; classtype:trojan-activity;sid:84287185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424069)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424069/; classtype:trojan-activity;sid:84287169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424070)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splarm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424070/; classtype:trojan-activity;sid:84287170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424066)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splarm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424066/; classtype:trojan-activity;sid:84287166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424067)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zerarm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424067/; classtype:trojan-activity;sid:84287167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424068)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424068/; classtype:trojan-activity;sid:84287168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424056)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklarm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424056/; classtype:trojan-activity;sid:84287156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424057)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zerspc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424057/; classtype:trojan-activity;sid:84287157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424058)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splm68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424058/; classtype:trojan-activity;sid:84287158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424059)"; flow:established,from_client; content:"GET"; http_method; content:"/ex"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424059/; classtype:trojan-activity;sid:84287159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424060)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zermpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424060/; classtype:trojan-activity;sid:84287160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424061)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424061/; classtype:trojan-activity;sid:84287161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424062)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424062/; classtype:trojan-activity;sid:84287162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424063)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splmips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424063/; classtype:trojan-activity;sid:84287163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424064)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424064/; classtype:trojan-activity;sid:84287164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424065)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424065/; classtype:trojan-activity;sid:84287165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424029)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424029/; classtype:trojan-activity;sid:84287129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424030)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabmpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424030/; classtype:trojan-activity;sid:84287130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424031)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklarm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424031/; classtype:trojan-activity;sid:84287131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424032)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424032/; classtype:trojan-activity;sid:84287132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424033)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424033/; classtype:trojan-activity;sid:84287133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424034)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklarm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424034/; classtype:trojan-activity;sid:84287134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424035)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424035/; classtype:trojan-activity;sid:84287135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424036)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklsh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424036/; classtype:trojan-activity;sid:84287136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424037)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424037/; classtype:trojan-activity;sid:84287137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424038)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424038/; classtype:trojan-activity;sid:84287138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424039)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424039/; classtype:trojan-activity;sid:84287139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424040)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabarm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424040/; classtype:trojan-activity;sid:84287140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424041)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424041/; classtype:trojan-activity;sid:84287141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424042)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424042/; classtype:trojan-activity;sid:84287142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424043)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklm68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424043/; classtype:trojan-activity;sid:84287143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424044)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zersh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424044/; classtype:trojan-activity;sid:84287144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424045)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklarm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424045/; classtype:trojan-activity;sid:84287145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424046)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424046/; classtype:trojan-activity;sid:84287146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424047)"; flow:established,from_client; content:"GET"; http_method; content:"/splm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424047/; classtype:trojan-activity;sid:84287147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424048)"; flow:established,from_client; content:"GET"; http_method; content:"/ex"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424048/; classtype:trojan-activity;sid:84287148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424049)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424049/; classtype:trojan-activity;sid:84287149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424050)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zerarm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424050/; classtype:trojan-activity;sid:84287150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424051)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424051/; classtype:trojan-activity;sid:84287151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424052)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklmpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424052/; classtype:trojan-activity;sid:84287152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424053)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424053/; classtype:trojan-activity;sid:84287153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424054)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424054/; classtype:trojan-activity;sid:84287154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424055)"; flow:established,from_client; content:"GET"; http_method; content:"/ex.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424055/; classtype:trojan-activity;sid:84287155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424028)"; flow:established,from_client; content:"GET"; http_method; content:"/gig.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424028/; classtype:trojan-activity;sid:84287128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424013)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424013/; classtype:trojan-activity;sid:84287113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424014)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424014/; classtype:trojan-activity;sid:84287114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424015)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabmips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424015/; classtype:trojan-activity;sid:84287115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424016)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424016/; classtype:trojan-activity;sid:84287116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424017)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splarm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424017/; classtype:trojan-activity;sid:84287117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424018)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424018/; classtype:trojan-activity;sid:84287118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424019)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zerm68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424019/; classtype:trojan-activity;sid:84287119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424020)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabspc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424020/; classtype:trojan-activity;sid:84287120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424021)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424021/; classtype:trojan-activity;sid:84287121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424022)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424022/; classtype:trojan-activity;sid:84287122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424023)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424023/; classtype:trojan-activity;sid:84287123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424024)"; flow:established,from_client; content:"GET"; http_method; content:"/ex.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424024/; classtype:trojan-activity;sid:84287124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424025)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424025/; classtype:trojan-activity;sid:84287125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424026)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424026/; classtype:trojan-activity;sid:84287126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424027)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424027/; classtype:trojan-activity;sid:84287127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423989)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423989/; classtype:trojan-activity;sid:84287089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423990)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423990/; classtype:trojan-activity;sid:84287090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423991)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splmpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423991/; classtype:trojan-activity;sid:84287091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423992)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423992/; classtype:trojan-activity;sid:84287092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423993)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423993/; classtype:trojan-activity;sid:84287093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423994)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423994/; classtype:trojan-activity;sid:84287094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423995)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423995/; classtype:trojan-activity;sid:84287095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423996)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423996/; classtype:trojan-activity;sid:84287096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423997)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zermips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423997/; classtype:trojan-activity;sid:84287097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423998)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423998/; classtype:trojan-activity;sid:84287098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423999)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423999/; classtype:trojan-activity;sid:84287099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424000)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424000/; classtype:trojan-activity;sid:84287100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424001)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424001/; classtype:trojan-activity;sid:84287101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424002)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklspc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424002/; classtype:trojan-activity;sid:84287102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424003)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zerarm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424003/; classtype:trojan-activity;sid:84287103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424004)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabarm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424004/; classtype:trojan-activity;sid:84287104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424005)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424005/; classtype:trojan-activity;sid:84287105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424006)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424006/; classtype:trojan-activity;sid:84287106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424007)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424007/; classtype:trojan-activity;sid:84287107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424008)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424008/; classtype:trojan-activity;sid:84287108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424009)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424009/; classtype:trojan-activity;sid:84287109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424010)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424010/; classtype:trojan-activity;sid:84287110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424011)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabarm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424011/; classtype:trojan-activity;sid:84287111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424012)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabarm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424012/; classtype:trojan-activity;sid:84287112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423988)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423988/; classtype:trojan-activity;sid:84287088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423978)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423978/; classtype:trojan-activity;sid:84287078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423979)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423979/; classtype:trojan-activity;sid:84287079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423980)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423980/; classtype:trojan-activity;sid:84287080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423981)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splsh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423981/; classtype:trojan-activity;sid:84287081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423982)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklarm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423982/; classtype:trojan-activity;sid:84287082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423983)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklm68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423983/; classtype:trojan-activity;sid:84287083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423984)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423984/; classtype:trojan-activity;sid:84287084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423985)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423985/; classtype:trojan-activity;sid:84287085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423986)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splspc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423986/; classtype:trojan-activity;sid:84287086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423987)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mta179.insuretn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423987/; classtype:trojan-activity;sid:84287087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423977)"; flow:established,from_client; content:"GET"; http_method; content:"/templates/imagesoftware/imageeditorforwp.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"docshare.icu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423977/; classtype:trojan-activity;sid:84287077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423976)"; flow:established,from_client; content:"GET"; http_method; content:"/templates/imagesoftware/1.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"docshare.icu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423976/; classtype:trojan-activity;sid:84287076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423975)"; flow:established,from_client; content:"GET"; http_method; content:"/templates/imagesoftware/mediathek/videoanimationfloating.mp4"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"docshare.icu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423975/; classtype:trojan-activity;sid:84287075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.92.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423974/; classtype:trojan-activity;sid:84287074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.76.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423973/; classtype:trojan-activity;sid:84287073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.40.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423972/; classtype:trojan-activity;sid:84287072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.159.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423971/; classtype:trojan-activity;sid:84287071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.119.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423970/; classtype:trojan-activity;sid:84287070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423969/; classtype:trojan-activity;sid:84287069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.159.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423968/; classtype:trojan-activity;sid:84287068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.235.177.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423967/; classtype:trojan-activity;sid:84287067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.237.23.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423966/; classtype:trojan-activity;sid:84287066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.54.181.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423965/; classtype:trojan-activity;sid:84287065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423963)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.12.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423963/; classtype:trojan-activity;sid:84287063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423964)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.17.183.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423964/; classtype:trojan-activity;sid:84287064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.40.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423962/; classtype:trojan-activity;sid:84287062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.133.121.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423961/; classtype:trojan-activity;sid:84287061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.30.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423959/; classtype:trojan-activity;sid:84287059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.115.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423960/; classtype:trojan-activity;sid:84287060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.234.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423958/; classtype:trojan-activity;sid:84287058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423955)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.224.0.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423955/; classtype:trojan-activity;sid:84287055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423956)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.224.0.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423956/; classtype:trojan-activity;sid:84287056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423957)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.224.0.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423957/; classtype:trojan-activity;sid:84287057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423946)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"babamirai31.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423946/; classtype:trojan-activity;sid:84287046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423947)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"babamirai31.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423947/; classtype:trojan-activity;sid:84287047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423948)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"babamirai31.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423948/; classtype:trojan-activity;sid:84287048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423949)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"babamirai31.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423949/; classtype:trojan-activity;sid:84287049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423950)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"babamirai31.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423950/; classtype:trojan-activity;sid:84287050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423951)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"babamirai31.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423951/; classtype:trojan-activity;sid:84287051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423952)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"babamirai31.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423952/; classtype:trojan-activity;sid:84287052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423953)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"babamirai31.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423953/; classtype:trojan-activity;sid:84287053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423954)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"babamirai31.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423954/; classtype:trojan-activity;sid:84287054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423943)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"babamirai31.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423943/; classtype:trojan-activity;sid:84287043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423944)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"babamirai31.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423944/; classtype:trojan-activity;sid:84287044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423945)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"babamirai31.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423945/; classtype:trojan-activity;sid:84287045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423933)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.224.0.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423933/; classtype:trojan-activity;sid:84287033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423934)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.224.0.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423934/; classtype:trojan-activity;sid:84287034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423935)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.224.0.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423935/; classtype:trojan-activity;sid:84287035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423936)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.224.0.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423936/; classtype:trojan-activity;sid:84287036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423937)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.224.0.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423937/; classtype:trojan-activity;sid:84287037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423938)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.224.0.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423938/; classtype:trojan-activity;sid:84287038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423939)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.224.0.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423939/; classtype:trojan-activity;sid:84287039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423940)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"babamirai31.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423940/; classtype:trojan-activity;sid:84287040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423941)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.224.0.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423941/; classtype:trojan-activity;sid:84287041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423942)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"babamirai31.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423942/; classtype:trojan-activity;sid:84287042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.93.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423932/; classtype:trojan-activity;sid:84287032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.164.227.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423931/; classtype:trojan-activity;sid:84287031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.34.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423930/; classtype:trojan-activity;sid:84287030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.105.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423929/; classtype:trojan-activity;sid:84287029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.225.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423928/; classtype:trojan-activity;sid:84287028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.58.110.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423927/; classtype:trojan-activity;sid:84287027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.225.162.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423926/; classtype:trojan-activity;sid:84287026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.246.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423924/; classtype:trojan-activity;sid:84287024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.236.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423925/; classtype:trojan-activity;sid:84287025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423923/; classtype:trojan-activity;sid:84287023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.82.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423922/; classtype:trojan-activity;sid:84287022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423921)"; flow:established,from_client; content:"GET"; http_method; content:"/idk.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.35.95.240"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423921/; classtype:trojan-activity;sid:84287021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.143.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423920/; classtype:trojan-activity;sid:84287020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.34.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423919/; classtype:trojan-activity;sid:84287019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423918)"; flow:established,from_client; content:"GET"; http_method; content:"/pamoi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"195.20.18.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423918/; classtype:trojan-activity;sid:84287018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423911)"; flow:established,from_client; content:"GET"; http_method; content:"/dftg7d6tg9s6f796gs96afasd"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"195.20.18.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423911/; classtype:trojan-activity;sid:84287011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423912)"; flow:established,from_client; content:"GET"; http_method; content:"/d8shf08ghakfh8f0h09ashfakjhfsdhfa8hghaihf"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"195.20.18.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423912/; classtype:trojan-activity;sid:84287012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423913)"; flow:established,from_client; content:"GET"; http_method; content:"/dgfasd7yfgda876sf"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"195.20.18.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423913/; classtype:trojan-activity;sid:84287013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423914)"; flow:established,from_client; content:"GET"; http_method; content:"/jimgumbels"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"195.20.18.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423914/; classtype:trojan-activity;sid:84287014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423915)"; flow:established,from_client; content:"GET"; http_method; content:"/vremya"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.20.18.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423915/; classtype:trojan-activity;sid:84287015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423916)"; flow:established,from_client; content:"GET"; http_method; content:"/ph"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.20.18.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423916/; classtype:trojan-activity;sid:84287016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423917)"; flow:established,from_client; content:"GET"; http_method; content:"/uiasdfhgiusdfgisdufgasdyuifg"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"195.20.18.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423917/; classtype:trojan-activity;sid:84287017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.94.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423910/; classtype:trojan-activity;sid:84287010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.234.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423909/; classtype:trojan-activity;sid:84287009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.236.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423908/; classtype:trojan-activity;sid:84287008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.139.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423907/; classtype:trojan-activity;sid:84287007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.159.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423906/; classtype:trojan-activity;sid:84287006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.105.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423905/; classtype:trojan-activity;sid:84287005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.5.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423904/; classtype:trojan-activity;sid:84287004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.82.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423903/; classtype:trojan-activity;sid:84287003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.94.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423902/; classtype:trojan-activity;sid:84287002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.159.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423901/; classtype:trojan-activity;sid:84287001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423899)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.177.95.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423899/; classtype:trojan-activity;sid:84286999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423900)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.177.95.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423900/; classtype:trojan-activity;sid:84287000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423898)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"195.177.95.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423898/; classtype:trojan-activity;sid:84286998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423897)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.177.95.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423897/; classtype:trojan-activity;sid:84286997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.214.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423896/; classtype:trojan-activity;sid:84286996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423895)"; flow:established,from_client; content:"GET"; http_method; content:"/clean"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"195.177.95.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423895/; classtype:trojan-activity;sid:84286995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.7.201"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423894/; classtype:trojan-activity;sid:84286994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.13.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423893/; classtype:trojan-activity;sid:84286993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423892)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.117.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423892/; classtype:trojan-activity;sid:84286992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423890)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.11.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423890/; classtype:trojan-activity;sid:84286990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423891)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.95.108.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423891/; classtype:trojan-activity;sid:84286991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423885)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.59.87.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423885/; classtype:trojan-activity;sid:84286985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423886)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.129.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423886/; classtype:trojan-activity;sid:84286986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423887)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423887/; classtype:trojan-activity;sid:84286987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423888)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423888/; classtype:trojan-activity;sid:84286988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423889/; classtype:trojan-activity;sid:84286989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423884)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423884/; classtype:trojan-activity;sid:84286984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.40.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423883/; classtype:trojan-activity;sid:84286983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.202.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423882/; classtype:trojan-activity;sid:84286982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.168.64.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423881/; classtype:trojan-activity;sid:84286981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.49.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423880/; classtype:trojan-activity;sid:84286980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.94.193.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423879/; classtype:trojan-activity;sid:84286979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423878/; classtype:trojan-activity;sid:84286978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.179.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423876/; classtype:trojan-activity;sid:84286976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.139.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423877/; classtype:trojan-activity;sid:84286977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.163.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423875/; classtype:trojan-activity;sid:84286975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.60.102.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423874/; classtype:trojan-activity;sid:84286974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.115.76.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423872/; classtype:trojan-activity;sid:84286972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.240.27.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423873/; classtype:trojan-activity;sid:84286973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423871)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.230.66.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423871/; classtype:trojan-activity;sid:84286971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.26.112"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423870/; classtype:trojan-activity;sid:84286970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.27.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423869/; classtype:trojan-activity;sid:84286969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.163.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423868/; classtype:trojan-activity;sid:84286968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.79.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423867/; classtype:trojan-activity;sid:84286967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423865/; classtype:trojan-activity;sid:84286965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.13.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423866/; classtype:trojan-activity;sid:84286966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.61.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423864/; classtype:trojan-activity;sid:84286964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.103.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423863/; classtype:trojan-activity;sid:84286963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.69.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423862/; classtype:trojan-activity;sid:84286962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423861/; classtype:trojan-activity;sid:84286961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.103.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423860/; classtype:trojan-activity;sid:84286960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.60.102.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423858/; classtype:trojan-activity;sid:84286958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.5.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423859/; classtype:trojan-activity;sid:84286959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.221.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423857/; classtype:trojan-activity;sid:84286957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.225.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423856/; classtype:trojan-activity;sid:84286956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.156.63.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423855/; classtype:trojan-activity;sid:84286955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.5.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423854/; classtype:trojan-activity;sid:84286954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.57.1.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423853/; classtype:trojan-activity;sid:84286953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.94.210.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423852/; classtype:trojan-activity;sid:84286952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.246.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423851/; classtype:trojan-activity;sid:84286951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.13.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423850/; classtype:trojan-activity;sid:84286950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.78.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423849/; classtype:trojan-activity;sid:84286949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.5.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423848/; classtype:trojan-activity;sid:84286948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.26.112"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423847/; classtype:trojan-activity;sid:84286947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.230.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423846/; classtype:trojan-activity;sid:84286946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.79.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423845/; classtype:trojan-activity;sid:84286945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.170.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423844/; classtype:trojan-activity;sid:84286944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.166.195.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423843/; classtype:trojan-activity;sid:84286943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.69.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423842/; classtype:trojan-activity;sid:84286942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423841/; classtype:trojan-activity;sid:84286941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.169.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423840/; classtype:trojan-activity;sid:84286940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.193.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423839/; classtype:trojan-activity;sid:84286939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.233.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423838/; classtype:trojan-activity;sid:84286938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.186.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423837/; classtype:trojan-activity;sid:84286937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.150.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423836/; classtype:trojan-activity;sid:84286936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.173.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423835/; classtype:trojan-activity;sid:84286935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.34.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423831/; classtype:trojan-activity;sid:84286931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.169.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423832/; classtype:trojan-activity;sid:84286932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.140.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423833/; classtype:trojan-activity;sid:84286933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423834)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.225.16.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423834/; classtype:trojan-activity;sid:84286934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423829)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"157.10.45.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423829/; classtype:trojan-activity;sid:84286929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423830)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"157.10.45.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423830/; classtype:trojan-activity;sid:84286930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.177.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423828/; classtype:trojan-activity;sid:84286928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.156.63.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423827/; classtype:trojan-activity;sid:84286927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.94.210.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423826/; classtype:trojan-activity;sid:84286926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.246.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423825/; classtype:trojan-activity;sid:84286925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.29.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423824/; classtype:trojan-activity;sid:84286924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.78.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423823/; classtype:trojan-activity;sid:84286923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.17.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423822/; classtype:trojan-activity;sid:84286922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.162.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423821/; classtype:trojan-activity;sid:84286921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423820/; classtype:trojan-activity;sid:84286920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.33.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423819/; classtype:trojan-activity;sid:84286919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.245.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423818/; classtype:trojan-activity;sid:84286918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.241.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423817/; classtype:trojan-activity;sid:84286917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.191.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423816/; classtype:trojan-activity;sid:84286916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.104.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423815/; classtype:trojan-activity;sid:84286915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.64.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423814/; classtype:trojan-activity;sid:84286914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.238.43.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423813/; classtype:trojan-activity;sid:84286913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.173.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423812/; classtype:trojan-activity;sid:84286912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.239.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423811/; classtype:trojan-activity;sid:84286911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.231.149.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423810/; classtype:trojan-activity;sid:84286910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.7.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423809/; classtype:trojan-activity;sid:84286909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.93.21.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423808/; classtype:trojan-activity;sid:84286908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.64.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423806/; classtype:trojan-activity;sid:84286906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.140.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423807/; classtype:trojan-activity;sid:84286907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.91.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423805/; classtype:trojan-activity;sid:84286905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.33.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423804/; classtype:trojan-activity;sid:84286904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.193.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423802/; classtype:trojan-activity;sid:84286902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.177.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423803/; classtype:trojan-activity;sid:84286903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.12.20"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423801/; classtype:trojan-activity;sid:84286901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.241.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423800/; classtype:trojan-activity;sid:84286900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.62.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423799/; classtype:trojan-activity;sid:84286899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.225.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423798/; classtype:trojan-activity;sid:84286898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.104.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423797/; classtype:trojan-activity;sid:84286897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.52.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423796/; classtype:trojan-activity;sid:84286896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.239.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423795/; classtype:trojan-activity;sid:84286895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.24.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423794/; classtype:trojan-activity;sid:84286894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.83.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423793/; classtype:trojan-activity;sid:84286893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.43.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423792/; classtype:trojan-activity;sid:84286892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.170.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423791/; classtype:trojan-activity;sid:84286891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.7.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423790/; classtype:trojan-activity;sid:84286890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.93.21.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423789/; classtype:trojan-activity;sid:84286889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423788)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.168.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423788/; classtype:trojan-activity;sid:84286888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.178.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423787/; classtype:trojan-activity;sid:84286887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.24.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423786/; classtype:trojan-activity;sid:84286886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.113.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423785/; classtype:trojan-activity;sid:84286885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.205.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423784/; classtype:trojan-activity;sid:84286884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.5.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423783/; classtype:trojan-activity;sid:84286883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.31.153"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423782/; classtype:trojan-activity;sid:84286882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.105.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423780/; classtype:trojan-activity;sid:84286880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.176.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423781/; classtype:trojan-activity;sid:84286881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.62.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423779/; classtype:trojan-activity;sid:84286879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.52.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423778/; classtype:trojan-activity;sid:84286878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.237.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423777/; classtype:trojan-activity;sid:84286877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.233.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423776/; classtype:trojan-activity;sid:84286876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.170.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423775/; classtype:trojan-activity;sid:84286875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.14.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423774/; classtype:trojan-activity;sid:84286874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.49.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423772/; classtype:trojan-activity;sid:84286872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.83.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423773/; classtype:trojan-activity;sid:84286873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.5.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423771/; classtype:trojan-activity;sid:84286871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.83.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423770/; classtype:trojan-activity;sid:84286870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.81.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423769/; classtype:trojan-activity;sid:84286869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.37.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423768/; classtype:trojan-activity;sid:84286868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.88.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423767/; classtype:trojan-activity;sid:84286867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.105.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423766/; classtype:trojan-activity;sid:84286866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.237.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423765/; classtype:trojan-activity;sid:84286865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.231.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423764/; classtype:trojan-activity;sid:84286864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423763/; classtype:trojan-activity;sid:84286863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.83.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423762/; classtype:trojan-activity;sid:84286862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.116.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423761/; classtype:trojan-activity;sid:84286861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.188.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423760/; classtype:trojan-activity;sid:84286860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.82.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423759/; classtype:trojan-activity;sid:84286859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.162.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423758/; classtype:trojan-activity;sid:84286858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.117.37.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423757/; classtype:trojan-activity;sid:84286857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423755)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"157.10.45.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423755/; classtype:trojan-activity;sid:84286855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.99.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423756/; classtype:trojan-activity;sid:84286856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423752)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"66.63.187.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423752/; classtype:trojan-activity;sid:84286852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.73.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423753/; classtype:trojan-activity;sid:84286853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.99.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423754/; classtype:trojan-activity;sid:84286854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.99.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423751/; classtype:trojan-activity;sid:84286851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.160.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423747/; classtype:trojan-activity;sid:84286847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423748/; classtype:trojan-activity;sid:84286848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.198.84.02"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423749/; classtype:trojan-activity;sid:84286849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.148.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423750/; classtype:trojan-activity;sid:84286850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423746/; classtype:trojan-activity;sid:84286846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.17.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423745/; classtype:trojan-activity;sid:84286845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.112.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423744/; classtype:trojan-activity;sid:84286844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.203.72.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423743/; classtype:trojan-activity;sid:84286843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.23.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423742/; classtype:trojan-activity;sid:84286842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423741)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.51.193.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423741/; classtype:trojan-activity;sid:84286841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423737)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.163.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423737/; classtype:trojan-activity;sid:84286837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423738)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.143.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423738/; classtype:trojan-activity;sid:84286838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.175.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423739/; classtype:trojan-activity;sid:84286839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423740)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.19.244"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423740/; classtype:trojan-activity;sid:84286840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.100.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423736/; classtype:trojan-activity;sid:84286836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.139.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423735/; classtype:trojan-activity;sid:84286835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.82.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423734/; classtype:trojan-activity;sid:84286834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.231.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423733/; classtype:trojan-activity;sid:84286833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.154.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423731/; classtype:trojan-activity;sid:84286831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.127.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423732/; classtype:trojan-activity;sid:84286832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.238.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423730/; classtype:trojan-activity;sid:84286830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.116.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423728/; classtype:trojan-activity;sid:84286828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.109.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423729/; classtype:trojan-activity;sid:84286829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.48.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423727/; classtype:trojan-activity;sid:84286827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423726/; classtype:trojan-activity;sid:84286826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.27.205"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423725/; classtype:trojan-activity;sid:84286825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.73.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423724/; classtype:trojan-activity;sid:84286824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.93.113.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423723/; classtype:trojan-activity;sid:84286823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.87.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423722/; classtype:trojan-activity;sid:84286822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.99.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423721/; classtype:trojan-activity;sid:84286821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.39.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423720/; classtype:trojan-activity;sid:84286820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.10.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423719/; classtype:trojan-activity;sid:84286819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423718)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423718/; classtype:trojan-activity;sid:84286818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.176.223.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423717/; classtype:trojan-activity;sid:84286817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.93.113.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423716/; classtype:trojan-activity;sid:84286816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.154.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423715/; classtype:trojan-activity;sid:84286815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.127.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423714/; classtype:trojan-activity;sid:84286814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.123.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423713/; classtype:trojan-activity;sid:84286813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.109.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423712/; classtype:trojan-activity;sid:84286812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.39.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423711/; classtype:trojan-activity;sid:84286811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.28.171"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423710/; classtype:trojan-activity;sid:84286810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.26.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423709/; classtype:trojan-activity;sid:84286809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.37.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423708/; classtype:trojan-activity;sid:84286808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.35.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423707/; classtype:trojan-activity;sid:84286807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423706/; classtype:trojan-activity;sid:84286806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.53.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423704/; classtype:trojan-activity;sid:84286804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.163.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423705/; classtype:trojan-activity;sid:84286805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.92.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423703/; classtype:trojan-activity;sid:84286803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.67.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423702/; classtype:trojan-activity;sid:84286802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.234.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423701/; classtype:trojan-activity;sid:84286801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.142.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423700/; classtype:trojan-activity;sid:84286800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.210.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423699/; classtype:trojan-activity;sid:84286799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423697)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423697/; classtype:trojan-activity;sid:84286797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423698/; classtype:trojan-activity;sid:84286798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.39.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423696/; classtype:trojan-activity;sid:84286796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.205.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423695/; classtype:trojan-activity;sid:84286795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.92.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423694/; classtype:trojan-activity;sid:84286794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.168.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423692/; classtype:trojan-activity;sid:84286792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.250.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423693/; classtype:trojan-activity;sid:84286793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.87.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423691/; classtype:trojan-activity;sid:84286791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.86.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423690/; classtype:trojan-activity;sid:84286790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.234.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423689/; classtype:trojan-activity;sid:84286789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.53.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423688/; classtype:trojan-activity;sid:84286788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.24.27.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423686/; classtype:trojan-activity;sid:84286786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.24.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423687/; classtype:trojan-activity;sid:84286787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.142.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423685/; classtype:trojan-activity;sid:84286785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.205.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423684/; classtype:trojan-activity;sid:84286784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.56.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423683/; classtype:trojan-activity;sid:84286783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.11.35"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423682/; classtype:trojan-activity;sid:84286782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.19.39"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423681/; classtype:trojan-activity;sid:84286781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.250.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423680/; classtype:trojan-activity;sid:84286780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.179.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423678/; classtype:trojan-activity;sid:84286778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.88.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423679/; classtype:trojan-activity;sid:84286779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423677)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.213.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423677/; classtype:trojan-activity;sid:84286777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.34.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423676/; classtype:trojan-activity;sid:84286776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.68.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423675/; classtype:trojan-activity;sid:84286775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.131.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423674/; classtype:trojan-activity;sid:84286774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.188.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423673/; classtype:trojan-activity;sid:84286773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423672)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.97.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423672/; classtype:trojan-activity;sid:84286772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.61.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423671/; classtype:trojan-activity;sid:84286771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.68.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423670/; classtype:trojan-activity;sid:84286770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.215.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423669/; classtype:trojan-activity;sid:84286769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.56.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423668/; classtype:trojan-activity;sid:84286768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.11.35"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423667/; classtype:trojan-activity;sid:84286767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.27.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423666/; classtype:trojan-activity;sid:84286766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.179.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423665/; classtype:trojan-activity;sid:84286765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.142.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423664/; classtype:trojan-activity;sid:84286764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.33.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423663/; classtype:trojan-activity;sid:84286763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.53.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423662/; classtype:trojan-activity;sid:84286762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.76.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423661/; classtype:trojan-activity;sid:84286761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.23.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423660/; classtype:trojan-activity;sid:84286760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.15.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423659/; classtype:trojan-activity;sid:84286759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.27.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423658/; classtype:trojan-activity;sid:84286758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.131.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423657/; classtype:trojan-activity;sid:84286757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.173.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423656/; classtype:trojan-activity;sid:84286756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.26.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423655/; classtype:trojan-activity;sid:84286755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.217.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423654/; classtype:trojan-activity;sid:84286754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.73.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423653/; classtype:trojan-activity;sid:84286753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.26.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423651/; classtype:trojan-activity;sid:84286751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.70.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423652/; classtype:trojan-activity;sid:84286752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.254.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423650/; classtype:trojan-activity;sid:84286750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.23.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423649/; classtype:trojan-activity;sid:84286749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.75.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423648/; classtype:trojan-activity;sid:84286748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.63.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423647/; classtype:trojan-activity;sid:84286747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.235.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423646/; classtype:trojan-activity;sid:84286746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.2.10"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423645/; classtype:trojan-activity;sid:84286745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423644/; classtype:trojan-activity;sid:84286744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.85.33.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423643/; classtype:trojan-activity;sid:84286743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423642/; classtype:trojan-activity;sid:84286742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.52.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423641/; classtype:trojan-activity;sid:84286741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.234.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423640/; classtype:trojan-activity;sid:84286740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423639/; classtype:trojan-activity;sid:84286739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.170.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423638/; classtype:trojan-activity;sid:84286738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.101.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423637/; classtype:trojan-activity;sid:84286737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.218.147.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423635/; classtype:trojan-activity;sid:84286735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.84.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423636/; classtype:trojan-activity;sid:84286736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.221.208.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423634/; classtype:trojan-activity;sid:84286734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423633/; classtype:trojan-activity;sid:84286733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.51.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423632/; classtype:trojan-activity;sid:84286732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.37.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423631/; classtype:trojan-activity;sid:84286731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.160.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423626/; classtype:trojan-activity;sid:84286726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423627/; classtype:trojan-activity;sid:84286727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423628)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.7.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423628/; classtype:trojan-activity;sid:84286728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.111.138.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423629/; classtype:trojan-activity;sid:84286729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423630)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.171.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423630/; classtype:trojan-activity;sid:84286730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423625)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423625/; classtype:trojan-activity;sid:84286725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423624/; classtype:trojan-activity;sid:84286724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.247.52.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423623/; classtype:trojan-activity;sid:84286723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.113.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423622/; classtype:trojan-activity;sid:84286722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.148.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423620/; classtype:trojan-activity;sid:84286720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.10.26.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3423621/; classtype:trojan-activity;sid:84286721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.231.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423619/; classtype:trojan-activity;sid:84286719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.40.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423618/; classtype:trojan-activity;sid:84286718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.12.46"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423617/; classtype:trojan-activity;sid:84286717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.201.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423616/; classtype:trojan-activity;sid:84286716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.170.216.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423615/; classtype:trojan-activity;sid:84286715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423614/; classtype:trojan-activity;sid:84286714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.218.147.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423611/; classtype:trojan-activity;sid:84286711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.234.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423612/; classtype:trojan-activity;sid:84286712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.84.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423613/; classtype:trojan-activity;sid:84286713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.48.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423610/; classtype:trojan-activity;sid:84286710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.170.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423609/; classtype:trojan-activity;sid:84286709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.198.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423608/; classtype:trojan-activity;sid:84286708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.104.194.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423606/; classtype:trojan-activity;sid:84286706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.52.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423607/; classtype:trojan-activity;sid:84286707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.9.41.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423605/; classtype:trojan-activity;sid:84286705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.113.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423603/; classtype:trojan-activity;sid:84286703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.186.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423604/; classtype:trojan-activity;sid:84286704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.19.254"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423602/; classtype:trojan-activity;sid:84286702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.65.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423601/; classtype:trojan-activity;sid:84286701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.170.216.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423600/; classtype:trojan-activity;sid:84286700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.12.46"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423599/; classtype:trojan-activity;sid:84286699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.40.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423598/; classtype:trojan-activity;sid:84286698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.63.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423597/; classtype:trojan-activity;sid:84286697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.138.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423595/; classtype:trojan-activity;sid:84286695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423596)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.208.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423596/; classtype:trojan-activity;sid:84286696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.231.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423594/; classtype:trojan-activity;sid:84286694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.98.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423593/; classtype:trojan-activity;sid:84286693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.51.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423592/; classtype:trojan-activity;sid:84286692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.186.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423590/; classtype:trojan-activity;sid:84286690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.65.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423591/; classtype:trojan-activity;sid:84286691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.53.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423589/; classtype:trojan-activity;sid:84286689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.221.44.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423588/; classtype:trojan-activity;sid:84286688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.193.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423587/; classtype:trojan-activity;sid:84286687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.171.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423586/; classtype:trojan-activity;sid:84286686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.59.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423585/; classtype:trojan-activity;sid:84286685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.36.120.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423584/; classtype:trojan-activity;sid:84286684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.113.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423583/; classtype:trojan-activity;sid:84286683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.9.41.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423582/; classtype:trojan-activity;sid:84286682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.63.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423581/; classtype:trojan-activity;sid:84286681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423576)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"134.255.232.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423576/; classtype:trojan-activity;sid:84286676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423577)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"134.255.232.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423577/; classtype:trojan-activity;sid:84286677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423578)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"134.255.232.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423578/; classtype:trojan-activity;sid:84286678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423579)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"134.255.232.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423579/; classtype:trojan-activity;sid:84286679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423580)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"134.255.232.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423580/; classtype:trojan-activity;sid:84286680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.19.254"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423574/; classtype:trojan-activity;sid:84286674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.138.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423575/; classtype:trojan-activity;sid:84286675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.208.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423573/; classtype:trojan-activity;sid:84286673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.18.19"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423572/; classtype:trojan-activity;sid:84286672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.95.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423571/; classtype:trojan-activity;sid:84286671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.26.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423570/; classtype:trojan-activity;sid:84286670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.232.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423569/; classtype:trojan-activity;sid:84286669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.138.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423568/; classtype:trojan-activity;sid:84286668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.80.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423567/; classtype:trojan-activity;sid:84286667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.80.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423566/; classtype:trojan-activity;sid:84286666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.167.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423565/; classtype:trojan-activity;sid:84286665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.251.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423564/; classtype:trojan-activity;sid:84286664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.64.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423563/; classtype:trojan-activity;sid:84286663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.147.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423562/; classtype:trojan-activity;sid:84286662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.100.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423561/; classtype:trojan-activity;sid:84286661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.104.194.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423560/; classtype:trojan-activity;sid:84286660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.95.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423559/; classtype:trojan-activity;sid:84286659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.18.19"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423558/; classtype:trojan-activity;sid:84286658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.140.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423557/; classtype:trojan-activity;sid:84286657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.14.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423555/; classtype:trojan-activity;sid:84286655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.211.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423556/; classtype:trojan-activity;sid:84286656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.194.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423554/; classtype:trojan-activity;sid:84286654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.138.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423553/; classtype:trojan-activity;sid:84286653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.59.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423552/; classtype:trojan-activity;sid:84286652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.77.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423551/; classtype:trojan-activity;sid:84286651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.221.44.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423550/; classtype:trojan-activity;sid:84286650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.64.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423549/; classtype:trojan-activity;sid:84286649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.167.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423548/; classtype:trojan-activity;sid:84286648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423547)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.87.104.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423547/; classtype:trojan-activity;sid:84286647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.194.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423546/; classtype:trojan-activity;sid:84286646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.163.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423545/; classtype:trojan-activity;sid:84286645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.157.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423544/; classtype:trojan-activity;sid:84286644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.23.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423543/; classtype:trojan-activity;sid:84286643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.138.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423542/; classtype:trojan-activity;sid:84286642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.68.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423541/; classtype:trojan-activity;sid:84286641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.56.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423539/; classtype:trojan-activity;sid:84286639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.253.19.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423540/; classtype:trojan-activity;sid:84286640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.114.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423538/; classtype:trojan-activity;sid:84286638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.206.213.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423537/; classtype:trojan-activity;sid:84286637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.27.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423536/; classtype:trojan-activity;sid:84286636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.218.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423535/; classtype:trojan-activity;sid:84286635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.59.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423534/; classtype:trojan-activity;sid:84286634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.131.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423533/; classtype:trojan-activity;sid:84286633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.246.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423531/; classtype:trojan-activity;sid:84286631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.55.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423532/; classtype:trojan-activity;sid:84286632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.81.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423530/; classtype:trojan-activity;sid:84286630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.53.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423529/; classtype:trojan-activity;sid:84286629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.138.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423528/; classtype:trojan-activity;sid:84286628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423527)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.kxlv.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423527/; classtype:trojan-activity;sid:84286627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.157.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423526/; classtype:trojan-activity;sid:84286626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423524)"; flow:established,from_client; content:"GET"; http_method; content:"/boom/tvhaqk.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"147.45.44.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423524/; classtype:trojan-activity;sid:84286624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423525)"; flow:established,from_client; content:"GET"; http_method; content:"/boom/uykb.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"147.45.44.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423525/; classtype:trojan-activity;sid:84286625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.251.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423523/; classtype:trojan-activity;sid:84286623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.61.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423522/; classtype:trojan-activity;sid:84286622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.89.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423521/; classtype:trojan-activity;sid:84286621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.23.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423520/; classtype:trojan-activity;sid:84286620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.210.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423519/; classtype:trojan-activity;sid:84286619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.24.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423518/; classtype:trojan-activity;sid:84286618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.242.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423517/; classtype:trojan-activity;sid:84286617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.55.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423516/; classtype:trojan-activity;sid:84286616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.246.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423515/; classtype:trojan-activity;sid:84286615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.235.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423514/; classtype:trojan-activity;sid:84286614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.35.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423513/; classtype:trojan-activity;sid:84286613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.252.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423512/; classtype:trojan-activity;sid:84286612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.93.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423511/; classtype:trojan-activity;sid:84286611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.211.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423510/; classtype:trojan-activity;sid:84286610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.192.250.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423509/; classtype:trojan-activity;sid:84286609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.75.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423508/; classtype:trojan-activity;sid:84286608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.241.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423507/; classtype:trojan-activity;sid:84286607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.68.142.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423506/; classtype:trojan-activity;sid:84286606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423505)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.31.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423505/; classtype:trojan-activity;sid:84286605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423504)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.0.217.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423504/; classtype:trojan-activity;sid:84286604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.244.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423502/; classtype:trojan-activity;sid:84286602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.209.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423503/; classtype:trojan-activity;sid:84286603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423493)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423493/; classtype:trojan-activity;sid:84286593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423494)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423494/; classtype:trojan-activity;sid:84286594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.252.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423495/; classtype:trojan-activity;sid:84286595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.207.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423496/; classtype:trojan-activity;sid:84286596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.58.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423497/; classtype:trojan-activity;sid:84286597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.148.85.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423498/; classtype:trojan-activity;sid:84286598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423499/; classtype:trojan-activity;sid:84286599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.71.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423500/; classtype:trojan-activity;sid:84286600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.251.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423501/; classtype:trojan-activity;sid:84286601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.180.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423492/; classtype:trojan-activity;sid:84286592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.202.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423490/; classtype:trojan-activity;sid:84286590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.18.19"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423491/; classtype:trojan-activity;sid:84286591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.123.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423489/; classtype:trojan-activity;sid:84286589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423487)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.2.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423487/; classtype:trojan-activity;sid:84286587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.4.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423488/; classtype:trojan-activity;sid:84286588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423486)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.126.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423486/; classtype:trojan-activity;sid:84286586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.80.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423485/; classtype:trojan-activity;sid:84286585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.208.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423484/; classtype:trojan-activity;sid:84286584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.112.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423482/; classtype:trojan-activity;sid:84286582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.215.231.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423483/; classtype:trojan-activity;sid:84286583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423481/; classtype:trojan-activity;sid:84286581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.192.250.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423480/; classtype:trojan-activity;sid:84286580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.93.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423479/; classtype:trojan-activity;sid:84286579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423478)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.167.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423478/; classtype:trojan-activity;sid:84286578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.54.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423477/; classtype:trojan-activity;sid:84286577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.158.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423476/; classtype:trojan-activity;sid:84286576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423467)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.224.0.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423467/; classtype:trojan-activity;sid:84286567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423468)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.167.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423468/; classtype:trojan-activity;sid:84286568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423469)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.167.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423469/; classtype:trojan-activity;sid:84286569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423470)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.167.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423470/; classtype:trojan-activity;sid:84286570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423471)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.167.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423471/; classtype:trojan-activity;sid:84286571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423472)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.167.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423472/; classtype:trojan-activity;sid:84286572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423473)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.224.0.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423473/; classtype:trojan-activity;sid:84286573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423474)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.167.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423474/; classtype:trojan-activity;sid:84286574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423475)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.224.0.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423475/; classtype:trojan-activity;sid:84286575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423466)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.167.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423466/; classtype:trojan-activity;sid:84286566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423465/; classtype:trojan-activity;sid:84286565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.80.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423464/; classtype:trojan-activity;sid:84286564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.233.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423462/; classtype:trojan-activity;sid:84286562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.135.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423463/; classtype:trojan-activity;sid:84286563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.151.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423461/; classtype:trojan-activity;sid:84286561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.255.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423460/; classtype:trojan-activity;sid:84286560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.70.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423459/; classtype:trojan-activity;sid:84286559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.68.142.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423458/; classtype:trojan-activity;sid:84286558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.110.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423457/; classtype:trojan-activity;sid:84286557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423456)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423456/; classtype:trojan-activity;sid:84286556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423451)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423451/; classtype:trojan-activity;sid:84286551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423452)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423452/; classtype:trojan-activity;sid:84286552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423453)"; flow:established,from_client; content:"GET"; http_method; content:"/.sppc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"kurwa.barsoeb.space"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423453/; classtype:trojan-activity;sid:84286553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423454)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"kurwa.barsoeb.space"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423454/; classtype:trojan-activity;sid:84286554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423455)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"kurwa.barsoeb.space"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423455/; classtype:trojan-activity;sid:84286555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423442)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423442/; classtype:trojan-activity;sid:84286542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423443)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"kurwa.barsoeb.space"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423443/; classtype:trojan-activity;sid:84286543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423444)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kurwa.barsoeb.space"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423444/; classtype:trojan-activity;sid:84286544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423445)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"kurwa.barsoeb.space"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423445/; classtype:trojan-activity;sid:84286545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423446)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423446/; classtype:trojan-activity;sid:84286546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423447)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"kurwa.barsoeb.space"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423447/; classtype:trojan-activity;sid:84286547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423448)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kurwa.barsoeb.space"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423448/; classtype:trojan-activity;sid:84286548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423449)"; flow:established,from_client; content:"GET"; http_method; content:"/.sx86"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"kurwa.barsoeb.space"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423449/; classtype:trojan-activity;sid:84286549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423450)"; flow:established,from_client; content:"GET"; http_method; content:"/.smpsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423450/; classtype:trojan-activity;sid:84286550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423411)"; flow:established,from_client; content:"GET"; http_method; content:"/.sspc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"kurwa.barsoeb.space"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423411/; classtype:trojan-activity;sid:84286511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423412)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"kurwa.barsoeb.space"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423412/; classtype:trojan-activity;sid:84286512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423413)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"kurwa.barsoeb.space"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423413/; classtype:trojan-activity;sid:84286513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423414)"; flow:established,from_client; content:"GET"; http_method; content:"/.sspc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423414/; classtype:trojan-activity;sid:84286514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423415)"; flow:established,from_client; content:"GET"; http_method; content:"/.sx86"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423415/; classtype:trojan-activity;sid:84286515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423416)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423416/; classtype:trojan-activity;sid:84286516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423417)"; flow:established,from_client; content:"GET"; http_method; content:"/.ssh4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423417/; classtype:trojan-activity;sid:84286517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423418)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"kurwa.barsoeb.space"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423418/; classtype:trojan-activity;sid:84286518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423419)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423419/; classtype:trojan-activity;sid:84286519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423420)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423420/; classtype:trojan-activity;sid:84286520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423421)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kurwa.barsoeb.space"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423421/; classtype:trojan-activity;sid:84286521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423422)"; flow:established,from_client; content:"GET"; http_method; content:"/.smpsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"kurwa.barsoeb.space"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423422/; classtype:trojan-activity;sid:84286522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423423)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423423/; classtype:trojan-activity;sid:84286523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423424)"; flow:established,from_client; content:"GET"; http_method; content:"/.sppc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423424/; classtype:trojan-activity;sid:84286524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423425)"; flow:established,from_client; content:"GET"; http_method; content:"/.ssh4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"kurwa.barsoeb.space"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423425/; classtype:trojan-activity;sid:84286525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423426)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"kurwa.barsoeb.space"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423426/; classtype:trojan-activity;sid:84286526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423427)"; flow:established,from_client; content:"GET"; http_method; content:"/.sm68k"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423427/; classtype:trojan-activity;sid:84286527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423428)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423428/; classtype:trojan-activity;sid:84286528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423429)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423429/; classtype:trojan-activity;sid:84286529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423430)"; flow:established,from_client; content:"GET"; http_method; content:"/.sm68k"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"kurwa.barsoeb.space"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423430/; classtype:trojan-activity;sid:84286530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423431)"; flow:established,from_client; content:"GET"; http_method; content:"/.smips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423431/; classtype:trojan-activity;sid:84286531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423432)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423432/; classtype:trojan-activity;sid:84286532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423433)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423433/; classtype:trojan-activity;sid:84286533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423434)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423434/; classtype:trojan-activity;sid:84286534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423435)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kurwa.barsoeb.space"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423435/; classtype:trojan-activity;sid:84286535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423436)"; flow:established,from_client; content:"GET"; http_method; content:"/.sx86_64"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kurwa.barsoeb.space"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423436/; classtype:trojan-activity;sid:84286536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423437)"; flow:established,from_client; content:"GET"; http_method; content:"/.smips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"kurwa.barsoeb.space"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423437/; classtype:trojan-activity;sid:84286537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423438)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423438/; classtype:trojan-activity;sid:84286538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423439)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"kurwa.barsoeb.space"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423439/; classtype:trojan-activity;sid:84286539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423440)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kurwa.barsoeb.space"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423440/; classtype:trojan-activity;sid:84286540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423441)"; flow:established,from_client; content:"GET"; http_method; content:"/.sx86_64"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423441/; classtype:trojan-activity;sid:84286541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.112.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423410/; classtype:trojan-activity;sid:84286510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.116.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423409/; classtype:trojan-activity;sid:84286509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423408/; classtype:trojan-activity;sid:84286508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.221.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423407/; classtype:trojan-activity;sid:84286507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.80.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423406/; classtype:trojan-activity;sid:84286506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423397)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jackmyi586"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"bins.freesite.host"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423397/; classtype:trojan-activity;sid:84286497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423398)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jackmymipsel"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"bins.freesite.host"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423398/; classtype:trojan-activity;sid:84286498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423399)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jackmysh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bins.freesite.host"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423399/; classtype:trojan-activity;sid:84286499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423400)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jackmypowerpc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"bins.freesite.host"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423400/; classtype:trojan-activity;sid:84286500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423401)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jackmyarmv6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"bins.freesite.host"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423401/; classtype:trojan-activity;sid:84286501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423402)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jackmysparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"bins.freesite.host"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423402/; classtype:trojan-activity;sid:84286502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423403)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jackmyarmv5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"bins.freesite.host"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423403/; classtype:trojan-activity;sid:84286503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423404)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jackmyx86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bins.freesite.host"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423404/; classtype:trojan-activity;sid:84286504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423405)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jackmymips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"bins.freesite.host"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423405/; classtype:trojan-activity;sid:84286505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423395)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jackmym86k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"bins.freesite.host"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423395/; classtype:trojan-activity;sid:84286495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423396)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jackmyarmv4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"bins.freesite.host"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423396/; classtype:trojan-activity;sid:84286496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423394)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jackmypowerpc440"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"bins.freesite.host"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423394/; classtype:trojan-activity;sid:84286494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423393)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jackmyi686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"bins.freesite.host"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423393/; classtype:trojan-activity;sid:84286493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.135.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423392/; classtype:trojan-activity;sid:84286492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.255.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423391/; classtype:trojan-activity;sid:84286491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.127.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423390/; classtype:trojan-activity;sid:84286490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.191.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423389/; classtype:trojan-activity;sid:84286489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423388)"; flow:established,from_client; content:"GET"; http_method; content:"/003/inst.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"104.168.28.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423388/; classtype:trojan-activity;sid:84286488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.162.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423387/; classtype:trojan-activity;sid:84286487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.110.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423386/; classtype:trojan-activity;sid:84286486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.170.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423385/; classtype:trojan-activity;sid:84286485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.110.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423384/; classtype:trojan-activity;sid:84286484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423383)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.221.98.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423383/; classtype:trojan-activity;sid:84286483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.215.231.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423382/; classtype:trojan-activity;sid:84286482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.16.121.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423381/; classtype:trojan-activity;sid:84286481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.191.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423380/; classtype:trojan-activity;sid:84286480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.37.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423379/; classtype:trojan-activity;sid:84286479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.208.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423378/; classtype:trojan-activity;sid:84286478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.114.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423377/; classtype:trojan-activity;sid:84286477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.3.27.240"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423376/; classtype:trojan-activity;sid:84286476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.127.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423375/; classtype:trojan-activity;sid:84286475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423374)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.63.102.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423374/; classtype:trojan-activity;sid:84286474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.123.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423373/; classtype:trojan-activity;sid:84286473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.27.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423372/; classtype:trojan-activity;sid:84286472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.55.22.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423371/; classtype:trojan-activity;sid:84286471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.57.1.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423370/; classtype:trojan-activity;sid:84286470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.123.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423369/; classtype:trojan-activity;sid:84286469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.79.112"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423367/; classtype:trojan-activity;sid:84286467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.83.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423368/; classtype:trojan-activity;sid:84286468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.245.218.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423366/; classtype:trojan-activity;sid:84286466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.1.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423365/; classtype:trojan-activity;sid:84286465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423363)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bayerngrow.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423363/; classtype:trojan-activity;sid:84286463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.16.121.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423364/; classtype:trojan-activity;sid:84286464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423362)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.i686"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bayerngrow.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423362/; classtype:trojan-activity;sid:84286462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423360)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bayerngrow.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423360/; classtype:trojan-activity;sid:84286460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423361)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bayerngrow.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423361/; classtype:trojan-activity;sid:84286461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423344)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bayerngrow.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423344/; classtype:trojan-activity;sid:84286444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423345)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"kittlez.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423345/; classtype:trojan-activity;sid:84286445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.123.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423346/; classtype:trojan-activity;sid:84286446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423347)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"kittlez.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423347/; classtype:trojan-activity;sid:84286447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423348)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kittlez.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423348/; classtype:trojan-activity;sid:84286448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423349)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kittlez.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423349/; classtype:trojan-activity;sid:84286449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423350)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.arm4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kittlez.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423350/; classtype:trojan-activity;sid:84286450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423351)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kittlez.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423351/; classtype:trojan-activity;sid:84286451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423352)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bayerngrow.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423352/; classtype:trojan-activity;sid:84286452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423353)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bayerngrow.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423353/; classtype:trojan-activity;sid:84286453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423354)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bayerngrow.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423354/; classtype:trojan-activity;sid:84286454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423355)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"kittlez.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423355/; classtype:trojan-activity;sid:84286455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423356)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.arc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"kittlez.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423356/; classtype:trojan-activity;sid:84286456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423357)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"kittlez.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423357/; classtype:trojan-activity;sid:84286457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423358)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bayerngrow.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423358/; classtype:trojan-activity;sid:84286458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423359)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bayerngrow.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423359/; classtype:trojan-activity;sid:84286459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423334)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.i486"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bayerngrow.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423334/; classtype:trojan-activity;sid:84286434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423335)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.arc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bayerngrow.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423335/; classtype:trojan-activity;sid:84286435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423336)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kittlez.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423336/; classtype:trojan-activity;sid:84286436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423337)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"kittlez.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423337/; classtype:trojan-activity;sid:84286437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423338)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.arm4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bayerngrow.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423338/; classtype:trojan-activity;sid:84286438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423339)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kittlez.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423339/; classtype:trojan-activity;sid:84286439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423340)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.i686"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kittlez.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423340/; classtype:trojan-activity;sid:84286440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423341)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kittlez.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423341/; classtype:trojan-activity;sid:84286441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423342)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bayerngrow.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423342/; classtype:trojan-activity;sid:84286442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423343)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bayerngrow.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423343/; classtype:trojan-activity;sid:84286443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423333)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.i486"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kittlez.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423333/; classtype:trojan-activity;sid:84286433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423326)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"159.100.22.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423326/; classtype:trojan-activity;sid:84286426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423327)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"159.100.22.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423327/; classtype:trojan-activity;sid:84286427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423328)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"159.100.22.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423328/; classtype:trojan-activity;sid:84286428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423329)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"159.100.22.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423329/; classtype:trojan-activity;sid:84286429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423330)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"159.100.22.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423330/; classtype:trojan-activity;sid:84286430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423331)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"159.100.22.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423331/; classtype:trojan-activity;sid:84286431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423332)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"159.100.22.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423332/; classtype:trojan-activity;sid:84286432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423324)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"159.100.22.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423324/; classtype:trojan-activity;sid:84286424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423325)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"159.100.22.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423325/; classtype:trojan-activity;sid:84286425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.10.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423323/; classtype:trojan-activity;sid:84286423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423322/; classtype:trojan-activity;sid:84286422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.198.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423320/; classtype:trojan-activity;sid:84286420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.98.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423321/; classtype:trojan-activity;sid:84286421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.221.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423319/; classtype:trojan-activity;sid:84286419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.168.90.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423318/; classtype:trojan-activity;sid:84286418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.27.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423317/; classtype:trojan-activity;sid:84286417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.55.22.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423316/; classtype:trojan-activity;sid:84286416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.211.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423315/; classtype:trojan-activity;sid:84286415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423314/; classtype:trojan-activity;sid:84286414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.233.205.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423313/; classtype:trojan-activity;sid:84286413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.95.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423312/; classtype:trojan-activity;sid:84286412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.38.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423311/; classtype:trojan-activity;sid:84286411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.136.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423309/; classtype:trojan-activity;sid:84286409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.170.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423310/; classtype:trojan-activity;sid:84286410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.215.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423306/; classtype:trojan-activity;sid:84286406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.111.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423307/; classtype:trojan-activity;sid:84286407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.42.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423308/; classtype:trojan-activity;sid:84286408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423305)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"159.100.22.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423305/; classtype:trojan-activity;sid:84286405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.180.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423302/; classtype:trojan-activity;sid:84286402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.198.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423303/; classtype:trojan-activity;sid:84286403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.123.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423304/; classtype:trojan-activity;sid:84286404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.164.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423301/; classtype:trojan-activity;sid:84286401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.194.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423300/; classtype:trojan-activity;sid:84286400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.117.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423299/; classtype:trojan-activity;sid:84286399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.154.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423297/; classtype:trojan-activity;sid:84286397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.169.0.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423298/; classtype:trojan-activity;sid:84286398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.177.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423296/; classtype:trojan-activity;sid:84286396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423294)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.252.177.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423294/; classtype:trojan-activity;sid:84286394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423295)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.252.177.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423295/; classtype:trojan-activity;sid:84286395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423283)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.i586"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.252.177.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423283/; classtype:trojan-activity;sid:84286383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423284)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.i686"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.252.177.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423284/; classtype:trojan-activity;sid:84286384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423285)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.252.177.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423285/; classtype:trojan-activity;sid:84286385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423286)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.armv4l"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.252.177.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423286/; classtype:trojan-activity;sid:84286386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423287)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.sparc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.252.177.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423287/; classtype:trojan-activity;sid:84286387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423288)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.252.177.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423288/; classtype:trojan-activity;sid:84286388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423289)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.armv5l"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.252.177.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423289/; classtype:trojan-activity;sid:84286389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423290)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.powerpc-440fp"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"5.252.177.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423290/; classtype:trojan-activity;sid:84286390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423291)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.252.177.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423291/; classtype:trojan-activity;sid:84286391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423292)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.armv7l"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.252.177.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423292/; classtype:trojan-activity;sid:84286392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423293)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.armv6l"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.252.177.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423293/; classtype:trojan-activity;sid:84286393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423282)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.252.177.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423282/; classtype:trojan-activity;sid:84286382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423281)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.i486"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.252.177.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423281/; classtype:trojan-activity;sid:84286381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423279)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.229.232.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423279/; classtype:trojan-activity;sid:84286379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423280)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.arm4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.229.232.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423280/; classtype:trojan-activity;sid:84286380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423267)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.arc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"156.229.232.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423267/; classtype:trojan-activity;sid:84286367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423268)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"156.229.232.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423268/; classtype:trojan-activity;sid:84286368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423269)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.229.232.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423269/; classtype:trojan-activity;sid:84286369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423270)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.229.232.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423270/; classtype:trojan-activity;sid:84286370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423271)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"156.229.232.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423271/; classtype:trojan-activity;sid:84286371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423272)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.229.232.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423272/; classtype:trojan-activity;sid:84286372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423273)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.i686"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.229.232.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423273/; classtype:trojan-activity;sid:84286373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423274)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.229.232.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423274/; classtype:trojan-activity;sid:84286374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423275)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.229.232.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423275/; classtype:trojan-activity;sid:84286375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423276)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.229.232.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423276/; classtype:trojan-activity;sid:84286376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423277)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"156.229.232.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423277/; classtype:trojan-activity;sid:84286377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423278)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"156.229.232.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423278/; classtype:trojan-activity;sid:84286378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423266)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.i486"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.229.232.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423266/; classtype:trojan-activity;sid:84286366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.90.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423265/; classtype:trojan-activity;sid:84286365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.104.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423264/; classtype:trojan-activity;sid:84286364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.170.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423263/; classtype:trojan-activity;sid:84286363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.78.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423262/; classtype:trojan-activity;sid:84286362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.160.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423261/; classtype:trojan-activity;sid:84286361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.94.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423260/; classtype:trojan-activity;sid:84286360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.148.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423258/; classtype:trojan-activity;sid:84286358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.194.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423259/; classtype:trojan-activity;sid:84286359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.177.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423257/; classtype:trojan-activity;sid:84286357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.154.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423256/; classtype:trojan-activity;sid:84286356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423255)"; flow:established,from_client; content:"GET"; http_method; content:"/capcha.html"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"verification-user.live"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423255/; classtype:trojan-activity;sid:84286355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.211.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423254/; classtype:trojan-activity;sid:84286354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.208.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423253/; classtype:trojan-activity;sid:84286353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.97.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423252/; classtype:trojan-activity;sid:84286352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423251)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.161.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423251/; classtype:trojan-activity;sid:84286351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.160.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423250/; classtype:trojan-activity;sid:84286350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.104.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423249/; classtype:trojan-activity;sid:84286349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.129.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423247/; classtype:trojan-activity;sid:84286347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.164.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423248/; classtype:trojan-activity;sid:84286348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.30.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423244/; classtype:trojan-activity;sid:84286344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.86.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423245/; classtype:trojan-activity;sid:84286345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.97.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423246/; classtype:trojan-activity;sid:84286346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.90.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423243/; classtype:trojan-activity;sid:84286343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.36.165.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423242/; classtype:trojan-activity;sid:84286342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.191.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423241/; classtype:trojan-activity;sid:84286341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423240)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.41.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423240/; classtype:trojan-activity;sid:84286340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423238)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.109.205.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423238/; classtype:trojan-activity;sid:84286338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423239)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.82.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423239/; classtype:trojan-activity;sid:84286339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423237)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.246.38.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423237/; classtype:trojan-activity;sid:84286337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423236)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423236/; classtype:trojan-activity;sid:84286336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423235)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.182.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423235/; classtype:trojan-activity;sid:84286335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.19.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423233/; classtype:trojan-activity;sid:84286333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423234)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.44.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423234/; classtype:trojan-activity;sid:84286334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.208.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423232/; classtype:trojan-activity;sid:84286332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423231)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.221.24.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423231/; classtype:trojan-activity;sid:84286331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.27.29.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423230/; classtype:trojan-activity;sid:84286330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.134.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423229/; classtype:trojan-activity;sid:84286329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.227.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423228/; classtype:trojan-activity;sid:84286328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.170.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423227/; classtype:trojan-activity;sid:84286327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.17.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423226/; classtype:trojan-activity;sid:84286326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.19.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423225/; classtype:trojan-activity;sid:84286325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.134.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423223/; classtype:trojan-activity;sid:84286323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.86.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423224/; classtype:trojan-activity;sid:84286324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.36.165.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423222/; classtype:trojan-activity;sid:84286322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.48.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423221/; classtype:trojan-activity;sid:84286321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.117.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423220/; classtype:trojan-activity;sid:84286320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.252.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423219/; classtype:trojan-activity;sid:84286319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423218)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.191.13.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423218/; classtype:trojan-activity;sid:84286318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423217)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.252.177.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423217/; classtype:trojan-activity;sid:84286317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.240.27.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423213/; classtype:trojan-activity;sid:84286313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423214/; classtype:trojan-activity;sid:84286314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.134.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423215/; classtype:trojan-activity;sid:84286315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.222.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423216/; classtype:trojan-activity;sid:84286316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.85.33.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423212/; classtype:trojan-activity;sid:84286312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.15.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423211/; classtype:trojan-activity;sid:84286311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423210)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.111.198.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423210/; classtype:trojan-activity;sid:84286310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.101.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423209/; classtype:trojan-activity;sid:84286309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.60.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423208/; classtype:trojan-activity;sid:84286308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.142.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423207/; classtype:trojan-activity;sid:84286307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.88.14.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423206/; classtype:trojan-activity;sid:84286306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.185.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423205/; classtype:trojan-activity;sid:84286305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.134.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423204/; classtype:trojan-activity;sid:84286304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.221.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423203/; classtype:trojan-activity;sid:84286303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423202)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.181.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423202/; classtype:trojan-activity;sid:84286302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423201)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.77.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423201/; classtype:trojan-activity;sid:84286301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423200)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.177.124.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423200/; classtype:trojan-activity;sid:84286300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423199)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.71.5.171"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423199/; classtype:trojan-activity;sid:84286299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.254.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423198/; classtype:trojan-activity;sid:84286298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.15.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423197/; classtype:trojan-activity;sid:84286297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.6.91.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423195/; classtype:trojan-activity;sid:84286295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.227.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423196/; classtype:trojan-activity;sid:84286296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.36.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423194/; classtype:trojan-activity;sid:84286294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.185.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423192/; classtype:trojan-activity;sid:84286292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.4.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423193/; classtype:trojan-activity;sid:84286293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423188)"; flow:established,from_client; content:"GET"; http_method; content:"/chameleon.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"buggi.kliprirob.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423188/; classtype:trojan-activity;sid:84286288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423189)"; flow:established,from_client; content:"GET"; http_method; content:"/zang.psd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"uggi.kliprirob.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423189/; classtype:trojan-activity;sid:84286289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423190)"; flow:established,from_client; content:"GET"; http_method; content:"/jumpingjack.mp4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"woolav.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423190/; classtype:trojan-activity;sid:84286290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423191)"; flow:established,from_client; content:"GET"; http_method; content:"/provider.png"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ugg.kliprirob.shop"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423191/; classtype:trojan-activity;sid:84286291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423186)"; flow:established,from_client; content:"GET"; http_method; content:"/matataakuna.mp4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"requinos.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423186/; classtype:trojan-activity;sid:84286286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423187)"; flow:established,from_client; content:"GET"; http_method; content:"/pumpkin.mp4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"sumala.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423187/; classtype:trojan-activity;sid:84286287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.156.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423185/; classtype:trojan-activity;sid:84286285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.57.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423184/; classtype:trojan-activity;sid:84286284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.178.187.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423183/; classtype:trojan-activity;sid:84286283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.36.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423182/; classtype:trojan-activity;sid:84286282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.221.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423181/; classtype:trojan-activity;sid:84286281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.235.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423179/; classtype:trojan-activity;sid:84286279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.4.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423180/; classtype:trojan-activity;sid:84286280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.88.14.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423178/; classtype:trojan-activity;sid:84286278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.250.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423177/; classtype:trojan-activity;sid:84286277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.167.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423176/; classtype:trojan-activity;sid:84286276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423175)"; flow:established,from_client; content:"GET"; http_method; content:"/capcha.html"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"recetpcha.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423175/; classtype:trojan-activity;sid:84286275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423174)"; flow:established,from_client; content:"GET"; http_method; content:"/fofo/installer1.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nt96.kro.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423174/; classtype:trojan-activity;sid:84286274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423173/; classtype:trojan-activity;sid:84286273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.6.91.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423172/; classtype:trojan-activity;sid:84286272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.197.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423170/; classtype:trojan-activity;sid:84286270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.95.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423169/; classtype:trojan-activity;sid:84286269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.72.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423168/; classtype:trojan-activity;sid:84286268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423166/; classtype:trojan-activity;sid:84286266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.94.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423167/; classtype:trojan-activity;sid:84286267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.226.201.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423165/; classtype:trojan-activity;sid:84286265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.134.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423164/; classtype:trojan-activity;sid:84286264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423163)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.255.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423163/; classtype:trojan-activity;sid:84286263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.113.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423162/; classtype:trojan-activity;sid:84286262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423161/; classtype:trojan-activity;sid:84286261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.51.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423160/; classtype:trojan-activity;sid:84286260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.88.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423159/; classtype:trojan-activity;sid:84286259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.237.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423158/; classtype:trojan-activity;sid:84286258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.55.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423157/; classtype:trojan-activity;sid:84286257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.134.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423156/; classtype:trojan-activity;sid:84286256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423155)"; flow:established,from_client; content:"GET"; http_method; content:"/nvc.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.81.68.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423155/; classtype:trojan-activity;sid:84286255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423153)"; flow:established,from_client; content:"GET"; http_method; content:"/update.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.81.68.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423153/; classtype:trojan-activity;sid:84286253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/bot64.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.81.68.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423154/; classtype:trojan-activity;sid:84286254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423152)"; flow:established,from_client; content:"GET"; http_method; content:"/zx.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.113.115.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423152/; classtype:trojan-activity;sid:84286252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/bot64.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.113.115.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423149/; classtype:trojan-activity;sid:84286249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423150)"; flow:established,from_client; content:"GET"; http_method; content:"/svc.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.113.115.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423150/; classtype:trojan-activity;sid:84286250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423151)"; flow:established,from_client; content:"GET"; http_method; content:"/zx.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.81.68.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423151/; classtype:trojan-activity;sid:84286251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423148)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.45.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423148/; classtype:trojan-activity;sid:84286248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.208.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423147/; classtype:trojan-activity;sid:84286247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.226.201.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423146/; classtype:trojan-activity;sid:84286246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.76.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423145/; classtype:trojan-activity;sid:84286245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423144)"; flow:established,from_client; content:"GET"; http_method; content:"/screensync.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.11.61.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423144/; classtype:trojan-activity;sid:84286244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423143)"; flow:established,from_client; content:"GET"; http_method; content:"/installsetup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.11.61.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423143/; classtype:trojan-activity;sid:84286243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.113.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423141/; classtype:trojan-activity;sid:84286241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.12.20"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423142/; classtype:trojan-activity;sid:84286242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.18.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423140/; classtype:trojan-activity;sid:84286240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.200.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423139/; classtype:trojan-activity;sid:84286239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423137)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423137/; classtype:trojan-activity;sid:84286237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423138)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423138/; classtype:trojan-activity;sid:84286238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.0.158"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423136/; classtype:trojan-activity;sid:84286236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.63.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423135/; classtype:trojan-activity;sid:84286235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.121.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423132/; classtype:trojan-activity;sid:84286232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423133)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.158.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423133/; classtype:trojan-activity;sid:84286233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.87.118.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423134/; classtype:trojan-activity;sid:84286234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.29.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423131/; classtype:trojan-activity;sid:84286231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.237.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423130/; classtype:trojan-activity;sid:84286230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.230.165.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423129/; classtype:trojan-activity;sid:84286229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"73.106.212.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423128/; classtype:trojan-activity;sid:84286228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.88.71.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423127/; classtype:trojan-activity;sid:84286227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.88.71.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423126/; classtype:trojan-activity;sid:84286226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423125)"; flow:established,from_client; content:"GET"; http_method; content:"/fork/setup.msi"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hq-office.us"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423125/; classtype:trojan-activity;sid:84286225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423124)"; flow:established,from_client; content:"GET"; http_method; content:"/scan/scan_copy_1106658.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"hq-office.us"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423124/; classtype:trojan-activity;sid:84286224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423123)"; flow:established,from_client; content:"GET"; http_method; content:"/fork/setup.msi"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hq-office.us"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423123/; classtype:trojan-activity;sid:84286223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423120)"; flow:established,from_client; content:"GET"; http_method; content:"/scan/scan_copy_1106658.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"hq-office.us"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423120/; classtype:trojan-activity;sid:84286220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423121)"; flow:established,from_client; content:"GET"; http_method; content:"/scan/scan_copy_1106658.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"193.233.72.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423121/; classtype:trojan-activity;sid:84286221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423122)"; flow:established,from_client; content:"GET"; http_method; content:"/fork/setup.msi"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.233.72.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423122/; classtype:trojan-activity;sid:84286222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.228.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423119/; classtype:trojan-activity;sid:84286219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423117)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.101.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423117/; classtype:trojan-activity;sid:84286217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423118)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.81.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423118/; classtype:trojan-activity;sid:84286218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.145.36.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423116/; classtype:trojan-activity;sid:84286216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.24.159.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423114/; classtype:trojan-activity;sid:84286214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.59.98.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423115/; classtype:trojan-activity;sid:84286215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.167.138.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423111/; classtype:trojan-activity;sid:84286211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.144.107.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423112/; classtype:trojan-activity;sid:84286212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.206.77.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423113/; classtype:trojan-activity;sid:84286213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.235.238.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423099/; classtype:trojan-activity;sid:84286199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.255.246.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423100/; classtype:trojan-activity;sid:84286200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.183.26.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423101/; classtype:trojan-activity;sid:84286201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.41.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423102/; classtype:trojan-activity;sid:84286202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.53.20.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423103/; classtype:trojan-activity;sid:84286203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.251.206.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423104/; classtype:trojan-activity;sid:84286204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.237.220.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423105/; classtype:trojan-activity;sid:84286205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.31.56.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423106/; classtype:trojan-activity;sid:84286206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.192.24.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423107/; classtype:trojan-activity;sid:84286207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.218.212.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423108/; classtype:trojan-activity;sid:84286208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.191.171.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423109/; classtype:trojan-activity;sid:84286209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.166.208.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423110/; classtype:trojan-activity;sid:84286210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.19.149.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423092/; classtype:trojan-activity;sid:84286192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.16.45.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423093/; classtype:trojan-activity;sid:84286193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.177.219.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423094/; classtype:trojan-activity;sid:84286194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.207.61.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423095/; classtype:trojan-activity;sid:84286195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.19.137.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423096/; classtype:trojan-activity;sid:84286196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.161.57.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423097/; classtype:trojan-activity;sid:84286197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.176.114.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423098/; classtype:trojan-activity;sid:84286198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.222.127.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423090/; classtype:trojan-activity;sid:84286190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.150.151.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423091/; classtype:trojan-activity;sid:84286191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.223.165.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423087/; classtype:trojan-activity;sid:84286187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.83.158.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423088/; classtype:trojan-activity;sid:84286188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.86.60.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423089/; classtype:trojan-activity;sid:84286189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.174.150.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423086/; classtype:trojan-activity;sid:84286186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.170.128.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423085/; classtype:trojan-activity;sid:84286185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423084)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"212.22.86.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423084/; classtype:trojan-activity;sid:84286184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423075)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"212.22.86.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423075/; classtype:trojan-activity;sid:84286175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423076)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"212.22.86.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423076/; classtype:trojan-activity;sid:84286176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423077)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"212.22.86.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423077/; classtype:trojan-activity;sid:84286177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423078)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"212.22.86.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423078/; classtype:trojan-activity;sid:84286178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423079)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"212.22.86.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423079/; classtype:trojan-activity;sid:84286179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423080)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"212.22.86.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423080/; classtype:trojan-activity;sid:84286180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423081)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"212.22.86.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423081/; classtype:trojan-activity;sid:84286181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423082)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"212.22.86.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423082/; classtype:trojan-activity;sid:84286182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423083)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"212.22.86.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423083/; classtype:trojan-activity;sid:84286183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.29.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423074/; classtype:trojan-activity;sid:84286174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.12.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423073/; classtype:trojan-activity;sid:84286173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.106.212.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423071/; classtype:trojan-activity;sid:84286171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.29.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423072/; classtype:trojan-activity;sid:84286172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423069)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"183.80.200.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423069/; classtype:trojan-activity;sid:84286169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423070)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"183.80.200.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423070/; classtype:trojan-activity;sid:84286170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423068)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"183.80.200.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423068/; classtype:trojan-activity;sid:84286168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423067)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.182.118.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423067/; classtype:trojan-activity;sid:84286167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423066)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.102.147.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423066/; classtype:trojan-activity;sid:84286166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423063)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.217.102.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423063/; classtype:trojan-activity;sid:84286163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423064)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.123.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423064/; classtype:trojan-activity;sid:84286164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423065)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.123.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423065/; classtype:trojan-activity;sid:84286165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423062)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.71.42.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423062/; classtype:trojan-activity;sid:84286162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423060)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.70.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423060/; classtype:trojan-activity;sid:84286160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423061)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.217.102.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423061/; classtype:trojan-activity;sid:84286161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423054)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"189.222.98.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423054/; classtype:trojan-activity;sid:84286154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423055)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.85.75"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423055/; classtype:trojan-activity;sid:84286155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423056)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.182.116.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423056/; classtype:trojan-activity;sid:84286156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423057)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.157.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423057/; classtype:trojan-activity;sid:84286157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423058)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.82.162.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423058/; classtype:trojan-activity;sid:84286158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423059)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.91.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423059/; classtype:trojan-activity;sid:84286159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423045)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.70.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423045/; classtype:trojan-activity;sid:84286145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423046)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.70.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423046/; classtype:trojan-activity;sid:84286146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423047)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.70.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423047/; classtype:trojan-activity;sid:84286147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423048)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.39.191.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423048/; classtype:trojan-activity;sid:84286148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423049)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.70.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423049/; classtype:trojan-activity;sid:84286149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423050)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.70.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423050/; classtype:trojan-activity;sid:84286150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423051)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.70.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423051/; classtype:trojan-activity;sid:84286151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423052)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.156.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423052/; classtype:trojan-activity;sid:84286152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423053)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"197.89.37.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423053/; classtype:trojan-activity;sid:84286153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423044)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.152.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423044/; classtype:trojan-activity;sid:84286144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.230.165.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423043/; classtype:trojan-activity;sid:84286143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.228.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423042/; classtype:trojan-activity;sid:84286142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.233.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423041/; classtype:trojan-activity;sid:84286141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.52.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423040/; classtype:trojan-activity;sid:84286140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.22.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423039/; classtype:trojan-activity;sid:84286139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423038)"; flow:established,from_client; content:"GET"; http_method; content:"/files.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.45.198.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423038/; classtype:trojan-activity;sid:84286138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423037)"; flow:established,from_client; content:"GET"; http_method; content:"/confirmm.com/smartsvnconvertersetup.msi"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"62.60.234.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423037/; classtype:trojan-activity;sid:84286137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423036)"; flow:established,from_client; content:"GET"; http_method; content:"/confirmm.com/captcha"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"62.60.234.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423036/; classtype:trojan-activity;sid:84286136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423035)"; flow:established,from_client; content:"GET"; http_method; content:"/dep.md"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"147.45.198.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423035/; classtype:trojan-activity;sid:84286135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.83.173.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423034/; classtype:trojan-activity;sid:84286134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423032)"; flow:established,from_client; content:"GET"; http_method; content:"/bab.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"whats-menu-familiar-zshops.trycloudflare.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423032/; classtype:trojan-activity;sid:84286132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423033)"; flow:established,from_client; content:"GET"; http_method; content:"/ftsp.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"whats-menu-familiar-zshops.trycloudflare.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423033/; classtype:trojan-activity;sid:84286133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423031)"; flow:established,from_client; content:"GET"; http_method; content:"/cam.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"whats-menu-familiar-zshops.trycloudflare.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423031/; classtype:trojan-activity;sid:84286131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423030)"; flow:established,from_client; content:"GET"; http_method; content:"/bab.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"spokesman-disagree-comparing-feeling.trycloudflare.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423030/; classtype:trojan-activity;sid:84286130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423028)"; flow:established,from_client; content:"GET"; http_method; content:"/cam.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"spokesman-disagree-comparing-feeling.trycloudflare.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423028/; classtype:trojan-activity;sid:84286128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423029)"; flow:established,from_client; content:"GET"; http_method; content:"/ftsp.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"spokesman-disagree-comparing-feeling.trycloudflare.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423029/; classtype:trojan-activity;sid:84286129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423020)"; flow:established,from_client; content:"GET"; http_method; content:"/1nv/ys.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"whats-menu-familiar-zshops.trycloudflare.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423020/; classtype:trojan-activity;sid:84286120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423021)"; flow:established,from_client; content:"GET"; http_method; content:"/pstaba/17ysah90384hjsna.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"spokesman-disagree-comparing-feeling.trycloudflare.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423021/; classtype:trojan-activity;sid:84286121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423022)"; flow:established,from_client; content:"GET"; http_method; content:"/pstaba/17ysah90384hjsna.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"whats-menu-familiar-zshops.trycloudflare.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423022/; classtype:trojan-activity;sid:84286122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423023)"; flow:established,from_client; content:"GET"; http_method; content:"/1zatysda/1rjksax83nba.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"whats-menu-familiar-zshops.trycloudflare.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423023/; classtype:trojan-activity;sid:84286123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423024)"; flow:established,from_client; content:"GET"; http_method; content:"/de/17ysah90384hjsna.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"whats-menu-familiar-zshops.trycloudflare.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423024/; classtype:trojan-activity;sid:84286124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423025)"; flow:established,from_client; content:"GET"; http_method; content:"/de/17ysah90384hjsna.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"spokesman-disagree-comparing-feeling.trycloudflare.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423025/; classtype:trojan-activity;sid:84286125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423026)"; flow:established,from_client; content:"GET"; http_method; content:"/1nv/ys.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"spokesman-disagree-comparing-feeling.trycloudflare.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423026/; classtype:trojan-activity;sid:84286126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423027)"; flow:established,from_client; content:"GET"; http_method; content:"/3ysbk09rtya/3ys7302120481_scan_pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"spokesman-disagree-comparing-feeling.trycloudflare.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423027/; classtype:trojan-activity;sid:84286127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423018)"; flow:established,from_client; content:"GET"; http_method; content:"/1zatysda/1rjksax83nba.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"spokesman-disagree-comparing-feeling.trycloudflare.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423018/; classtype:trojan-activity;sid:84286118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423019)"; flow:established,from_client; content:"GET"; http_method; content:"/3ysbk09rtya/3ys7302120481_scan_pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"whats-menu-familiar-zshops.trycloudflare.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423019/; classtype:trojan-activity;sid:84286119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423012)"; flow:established,from_client; content:"GET"; http_method; content:"/startuppp.bat"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"whats-menu-familiar-zshops.trycloudflare.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423012/; classtype:trojan-activity;sid:84286112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423013)"; flow:established,from_client; content:"GET"; http_method; content:"/startuppp.bat"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"spokesman-disagree-comparing-feeling.trycloudflare.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423013/; classtype:trojan-activity;sid:84286113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423014)"; flow:established,from_client; content:"GET"; http_method; content:"/55.js"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"whats-menu-familiar-zshops.trycloudflare.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423014/; classtype:trojan-activity;sid:84286114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423015)"; flow:established,from_client; content:"GET"; http_method; content:"/55.js"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"spokesman-disagree-comparing-feeling.trycloudflare.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423015/; classtype:trojan-activity;sid:84286115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423016)"; flow:established,from_client; content:"GET"; http_method; content:"/new.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"spokesman-disagree-comparing-feeling.trycloudflare.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423016/; classtype:trojan-activity;sid:84286116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423017)"; flow:established,from_client; content:"GET"; http_method; content:"/new.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"whats-menu-familiar-zshops.trycloudflare.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423017/; classtype:trojan-activity;sid:84286117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423011)"; flow:established,from_client; content:"GET"; http_method; content:"/bestbook.pdf"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"news6.oss-ap-northeast-1.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423011/; classtype:trojan-activity;sid:84286111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.54.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423010/; classtype:trojan-activity;sid:84286110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.7.231"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423009/; classtype:trojan-activity;sid:84286109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.52.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423008/; classtype:trojan-activity;sid:84286108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423007)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.5.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423007/; classtype:trojan-activity;sid:84286107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423006)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.25.132.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423006/; classtype:trojan-activity;sid:84286106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.110.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423004/; classtype:trojan-activity;sid:84286104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.224.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423005/; classtype:trojan-activity;sid:84286105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.83.173.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423003/; classtype:trojan-activity;sid:84286103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423002)"; flow:established,from_client; content:"GET"; http_method; content:"/en/revenue-agency.html"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"cracanada.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423002/; classtype:trojan-activity;sid:84286102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.217.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423001/; classtype:trojan-activity;sid:84286101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.54.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423000/; classtype:trojan-activity;sid:84286100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.169.0.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422999/; classtype:trojan-activity;sid:84286099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.24.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422998/; classtype:trojan-activity;sid:84286098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.110.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422997/; classtype:trojan-activity;sid:84286097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422975)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422975/; classtype:trojan-activity;sid:84286075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422976)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422976/; classtype:trojan-activity;sid:84286076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422977)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklx86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422977/; classtype:trojan-activity;sid:84286077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422978)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabmpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422978/; classtype:trojan-activity;sid:84286078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422979)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splx86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422979/; classtype:trojan-activity;sid:84286079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422980)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422980/; classtype:trojan-activity;sid:84286080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422981)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422981/; classtype:trojan-activity;sid:84286081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422982)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422982/; classtype:trojan-activity;sid:84286082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422983)"; flow:established,from_client; content:"GET"; http_method; content:"/splm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422983/; classtype:trojan-activity;sid:84286083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422984)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklmips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422984/; classtype:trojan-activity;sid:84286084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422985)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zersh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422985/; classtype:trojan-activity;sid:84286085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422986)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422986/; classtype:trojan-activity;sid:84286086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422987)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422987/; classtype:trojan-activity;sid:84286087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422988)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zermips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422988/; classtype:trojan-activity;sid:84286088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422989)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422989/; classtype:trojan-activity;sid:84286089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422990)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422990/; classtype:trojan-activity;sid:84286090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422991)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422991/; classtype:trojan-activity;sid:84286091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422992)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422992/; classtype:trojan-activity;sid:84286092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422993)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklx86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422993/; classtype:trojan-activity;sid:84286093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422994)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zerarm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422994/; classtype:trojan-activity;sid:84286094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422995)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422995/; classtype:trojan-activity;sid:84286095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422996)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422996/; classtype:trojan-activity;sid:84286096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422965)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splm68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422965/; classtype:trojan-activity;sid:84286065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422966)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422966/; classtype:trojan-activity;sid:84286066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422967)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422967/; classtype:trojan-activity;sid:84286067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422968)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422968/; classtype:trojan-activity;sid:84286068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422969)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422969/; classtype:trojan-activity;sid:84286069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422970)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422970/; classtype:trojan-activity;sid:84286070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422971)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422971/; classtype:trojan-activity;sid:84286071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422972)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zerarm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422972/; classtype:trojan-activity;sid:84286072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422973)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422973/; classtype:trojan-activity;sid:84286073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422974)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422974/; classtype:trojan-activity;sid:84286074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422959)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422959/; classtype:trojan-activity;sid:84286059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422960)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422960/; classtype:trojan-activity;sid:84286060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422961)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422961/; classtype:trojan-activity;sid:84286061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422962)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422962/; classtype:trojan-activity;sid:84286062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422963)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422963/; classtype:trojan-activity;sid:84286063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422964)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklsh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422964/; classtype:trojan-activity;sid:84286064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422953)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422953/; classtype:trojan-activity;sid:84286053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422954)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zerppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422954/; classtype:trojan-activity;sid:84286054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422955)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422955/; classtype:trojan-activity;sid:84286055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422956)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklarm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422956/; classtype:trojan-activity;sid:84286056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422957)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splmpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422957/; classtype:trojan-activity;sid:84286057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422958)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422958/; classtype:trojan-activity;sid:84286058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422949)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.132.236.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422949/; classtype:trojan-activity;sid:84286049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422950)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklmpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422950/; classtype:trojan-activity;sid:84286050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422951)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklm68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422951/; classtype:trojan-activity;sid:84286051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422952)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422952/; classtype:trojan-activity;sid:84286052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422935)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422935/; classtype:trojan-activity;sid:84286035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422936)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422936/; classtype:trojan-activity;sid:84286036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422937)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zerspc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422937/; classtype:trojan-activity;sid:84286037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422938)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422938/; classtype:trojan-activity;sid:84286038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422939)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422939/; classtype:trojan-activity;sid:84286039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422940)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklarm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422940/; classtype:trojan-activity;sid:84286040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422941)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422941/; classtype:trojan-activity;sid:84286041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422942)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabarm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422942/; classtype:trojan-activity;sid:84286042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422943)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422943/; classtype:trojan-activity;sid:84286043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422944)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splspc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422944/; classtype:trojan-activity;sid:84286044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422945)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422945/; classtype:trojan-activity;sid:84286045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422946)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422946/; classtype:trojan-activity;sid:84286046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422947)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422947/; classtype:trojan-activity;sid:84286047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422948)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422948/; classtype:trojan-activity;sid:84286048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422924)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422924/; classtype:trojan-activity;sid:84286024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422925)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklarm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422925/; classtype:trojan-activity;sid:84286025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422926)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabsh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422926/; classtype:trojan-activity;sid:84286026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422927)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422927/; classtype:trojan-activity;sid:84286027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422928)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklarm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422928/; classtype:trojan-activity;sid:84286028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422929)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422929/; classtype:trojan-activity;sid:84286029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422930)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422930/; classtype:trojan-activity;sid:84286030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422931)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422931/; classtype:trojan-activity;sid:84286031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422932)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklspc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422932/; classtype:trojan-activity;sid:84286032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422933)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422933/; classtype:trojan-activity;sid:84286033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422934)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklarm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422934/; classtype:trojan-activity;sid:84286034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422921)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422921/; classtype:trojan-activity;sid:84286021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422922)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklsh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422922/; classtype:trojan-activity;sid:84286022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422923)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422923/; classtype:trojan-activity;sid:84286023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422918)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422918/; classtype:trojan-activity;sid:84286018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422919)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422919/; classtype:trojan-activity;sid:84286019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422920)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422920/; classtype:trojan-activity;sid:84286020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422910)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zerarm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422910/; classtype:trojan-activity;sid:84286010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422911)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422911/; classtype:trojan-activity;sid:84286011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422912)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422912/; classtype:trojan-activity;sid:84286012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422913)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splsh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422913/; classtype:trojan-activity;sid:84286013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422914)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zerarm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422914/; classtype:trojan-activity;sid:84286014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422915)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422915/; classtype:trojan-activity;sid:84286015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422916)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklarm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422916/; classtype:trojan-activity;sid:84286016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422917)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabx86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422917/; classtype:trojan-activity;sid:84286017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422896)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabspc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422896/; classtype:trojan-activity;sid:84285996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422897)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422897/; classtype:trojan-activity;sid:84285997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422898)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zerm68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422898/; classtype:trojan-activity;sid:84285998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422899)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklarm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422899/; classtype:trojan-activity;sid:84285999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422900)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422900/; classtype:trojan-activity;sid:84286000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422901)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabm68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422901/; classtype:trojan-activity;sid:84286001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422902)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splmips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422902/; classtype:trojan-activity;sid:84286002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422903)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422903/; classtype:trojan-activity;sid:84286003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422904)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422904/; classtype:trojan-activity;sid:84286004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422905)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklarm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422905/; classtype:trojan-activity;sid:84286005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422906)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splarm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422906/; classtype:trojan-activity;sid:84286006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422907)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422907/; classtype:trojan-activity;sid:84286007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422908)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabarm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422908/; classtype:trojan-activity;sid:84286008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422909)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422909/; classtype:trojan-activity;sid:84286009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422886)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zermpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422886/; classtype:trojan-activity;sid:84285986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422887)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422887/; classtype:trojan-activity;sid:84285987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422888)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422888/; classtype:trojan-activity;sid:84285988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422889)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabarm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422889/; classtype:trojan-activity;sid:84285989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422890)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splarm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422890/; classtype:trojan-activity;sid:84285990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422891)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabarm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422891/; classtype:trojan-activity;sid:84285991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422892)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422892/; classtype:trojan-activity;sid:84285992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422893)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabmips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422893/; classtype:trojan-activity;sid:84285993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422894)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422894/; classtype:trojan-activity;sid:84285994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422895)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zerx86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422895/; classtype:trojan-activity;sid:84285995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422882)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklm68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422882/; classtype:trojan-activity;sid:84285982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422883)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklmips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422883/; classtype:trojan-activity;sid:84285983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422884)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422884/; classtype:trojan-activity;sid:84285984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422885)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklspc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422885/; classtype:trojan-activity;sid:84285985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422880)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422880/; classtype:trojan-activity;sid:84285980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422881)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422881/; classtype:trojan-activity;sid:84285981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422878)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splarm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422878/; classtype:trojan-activity;sid:84285978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422879)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422879/; classtype:trojan-activity;sid:84285979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422867)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422867/; classtype:trojan-activity;sid:84285967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422868)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422868/; classtype:trojan-activity;sid:84285968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422869)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splarm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422869/; classtype:trojan-activity;sid:84285969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422870)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422870/; classtype:trojan-activity;sid:84285970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422871)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422871/; classtype:trojan-activity;sid:84285971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422872)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422872/; classtype:trojan-activity;sid:84285972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422873)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422873/; classtype:trojan-activity;sid:84285973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422874)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422874/; classtype:trojan-activity;sid:84285974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422875)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422875/; classtype:trojan-activity;sid:84285975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422876)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422876/; classtype:trojan-activity;sid:84285976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422877)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklmpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422877/; classtype:trojan-activity;sid:84285977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.224.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422866/; classtype:trojan-activity;sid:84285966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.205.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422865/; classtype:trojan-activity;sid:84285965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.103.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422864/; classtype:trojan-activity;sid:84285964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.228.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422863/; classtype:trojan-activity;sid:84285963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.68.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422862/; classtype:trojan-activity;sid:84285962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422860)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.134.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422860/; classtype:trojan-activity;sid:84285960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.246.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422861/; classtype:trojan-activity;sid:84285961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.185.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422859/; classtype:trojan-activity;sid:84285959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.185.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422858/; classtype:trojan-activity;sid:84285958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.162.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422857/; classtype:trojan-activity;sid:84285957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.50.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422856/; classtype:trojan-activity;sid:84285956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.37.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422854/; classtype:trojan-activity;sid:84285954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.26.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422855/; classtype:trojan-activity;sid:84285955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.122.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422852/; classtype:trojan-activity;sid:84285952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.208.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422853/; classtype:trojan-activity;sid:84285953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422851)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/kkn/normalwaytogivebesthingswhichgivenbest.gif"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"107.172.148.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422851/; classtype:trojan-activity;sid:84285951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422850)"; flow:established,from_client; content:"GET"; http_method; content:"/235/suwce.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"23.94.80.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422850/; classtype:trojan-activity;sid:84285950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422848)"; flow:established,from_client; content:"GET"; http_method; content:"/690/cswss.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"23.94.80.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422848/; classtype:trojan-activity;sid:84285948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422849)"; flow:established,from_client; content:"GET"; http_method; content:"/250/decn.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"23.94.80.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422849/; classtype:trojan-activity;sid:84285949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.59.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422847/; classtype:trojan-activity;sid:84285947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.254.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422846/; classtype:trojan-activity;sid:84285946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.142.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422844/; classtype:trojan-activity;sid:84285944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.54.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422845/; classtype:trojan-activity;sid:84285945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.29.145"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422843/; classtype:trojan-activity;sid:84285943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422842)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422842/; classtype:trojan-activity;sid:84285942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422839)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.5.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422839/; classtype:trojan-activity;sid:84285939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422840)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.127.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422840/; classtype:trojan-activity;sid:84285940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.71.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422841/; classtype:trojan-activity;sid:84285941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.162.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422837/; classtype:trojan-activity;sid:84285937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.214.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422838/; classtype:trojan-activity;sid:84285938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422836)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/kkn/nsoo/givemebestoutputwithfreemindgoodforentiregood.hta"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"107.172.148.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422836/; classtype:trojan-activity;sid:84285936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422835)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/bnk/greatdaystartedwithgreatmagicalthingspostedgood.hta"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"23.94.80.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422835/; classtype:trojan-activity;sid:84285935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422834)"; flow:established,from_client; content:"GET"; http_method; content:"/790/suma/sheknowthathowinnocentpersoniamaroundthetimeofglobalthingscomeingfor.hta"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"172.245.123.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422834/; classtype:trojan-activity;sid:84285934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422832)"; flow:established,from_client; content:"GET"; http_method; content:"/744/shewe/nicegirlgivenmebestthingswithentiretimegoodfor.hta"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"172.245.123.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422832/; classtype:trojan-activity;sid:84285932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.37.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422833/; classtype:trojan-activity;sid:84285933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.77.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422831/; classtype:trojan-activity;sid:84285931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.26.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422830/; classtype:trojan-activity;sid:84285930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.208.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422828/; classtype:trojan-activity;sid:84285928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.122.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422829/; classtype:trojan-activity;sid:84285929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422827)"; flow:established,from_client; content:"GET"; http_method; content:"/deepseek.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"deepsek.icu"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422827/; classtype:trojan-activity;sid:84285927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.29.145"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422826/; classtype:trojan-activity;sid:84285926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.125.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422825/; classtype:trojan-activity;sid:84285925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.173.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422824/; classtype:trojan-activity;sid:84285924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.139.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422823/; classtype:trojan-activity;sid:84285923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.26.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422822/; classtype:trojan-activity;sid:84285922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422821)"; flow:established,from_client; content:"GET"; http_method; content:"/cool/setup_x64.msi"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"lnbox.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422821/; classtype:trojan-activity;sid:84285921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.54.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422820/; classtype:trojan-activity;sid:84285920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.195.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422819/; classtype:trojan-activity;sid:84285919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.125.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422818/; classtype:trojan-activity;sid:84285918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422817/; classtype:trojan-activity;sid:84285917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.59.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422816/; classtype:trojan-activity;sid:84285916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.137.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422815/; classtype:trojan-activity;sid:84285915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.29.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422814/; classtype:trojan-activity;sid:84285914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422813)"; flow:established,from_client; content:"GET"; http_method; content:"/arm|3f|ddos"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422813/; classtype:trojan-activity;sid:84285913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.126.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422812/; classtype:trojan-activity;sid:84285912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.88.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422811/; classtype:trojan-activity;sid:84285911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.208.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422810/; classtype:trojan-activity;sid:84285910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422809/; classtype:trojan-activity;sid:84285909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.0.217.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422808/; classtype:trojan-activity;sid:84285908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422807)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422807/; classtype:trojan-activity;sid:84285907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422806)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422806/; classtype:trojan-activity;sid:84285906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422805/; classtype:trojan-activity;sid:84285905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.142.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422802/; classtype:trojan-activity;sid:84285902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.84.77.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422803/; classtype:trojan-activity;sid:84285903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.14.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422804/; classtype:trojan-activity;sid:84285904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.74.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422800/; classtype:trojan-activity;sid:84285900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422801)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.205.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422801/; classtype:trojan-activity;sid:84285901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.230.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422799/; classtype:trojan-activity;sid:84285899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.15.54"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422798/; classtype:trojan-activity;sid:84285898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.89.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422797/; classtype:trojan-activity;sid:84285897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.72.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422796/; classtype:trojan-activity;sid:84285896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.80.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422795/; classtype:trojan-activity;sid:84285895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.29.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422794/; classtype:trojan-activity;sid:84285894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.126.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422793/; classtype:trojan-activity;sid:84285893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.220.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422792/; classtype:trojan-activity;sid:84285892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422791)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.vjgh.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422791/; classtype:trojan-activity;sid:84285891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.50.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422790/; classtype:trojan-activity;sid:84285890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.219.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422789/; classtype:trojan-activity;sid:84285889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.157.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422787/; classtype:trojan-activity;sid:84285887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.154.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422788/; classtype:trojan-activity;sid:84285888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422784)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422784/; classtype:trojan-activity;sid:84285884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422785)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422785/; classtype:trojan-activity;sid:84285885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422786)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422786/; classtype:trojan-activity;sid:84285886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.120.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422783/; classtype:trojan-activity;sid:84285883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.15.54"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422782/; classtype:trojan-activity;sid:84285882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422781)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/tffoti.msi"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422781/; classtype:trojan-activity;sid:84285881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422776)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/document-order.%e2%80%aexcod.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422776/; classtype:trojan-activity;sid:84285876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422777)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/purchase-order-document.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422777/; classtype:trojan-activity;sid:84285877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422778)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/document%20.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422778/; classtype:trojan-activity;sid:84285878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422779)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/products.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422779/; classtype:trojan-activity;sid:84285879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422780)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/document-order-31-01-2025.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422780/; classtype:trojan-activity;sid:84285880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422772)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/products-documents.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422772/; classtype:trojan-activity;sid:84285872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422773)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/document%20materials.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422773/; classtype:trojan-activity;sid:84285873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422774)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/purchase%20order%20files.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422774/; classtype:trojan-activity;sid:84285874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422775)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/documents.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422775/; classtype:trojan-activity;sid:84285875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422759)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/kqgbsq.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422759/; classtype:trojan-activity;sid:84285859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422760)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/vlbzlr.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422760/; classtype:trojan-activity;sid:84285860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422761)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/tzkteh.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422761/; classtype:trojan-activity;sid:84285861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422762)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/qaljhj.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422762/; classtype:trojan-activity;sid:84285862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422763)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/rmwugd.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422763/; classtype:trojan-activity;sid:84285863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422764)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/kpnhqc.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422764/; classtype:trojan-activity;sid:84285864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422765)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/uhiqjr.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422765/; classtype:trojan-activity;sid:84285865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422766)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/prhzqs.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422766/; classtype:trojan-activity;sid:84285866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422767)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/tffoti.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422767/; classtype:trojan-activity;sid:84285867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422768)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/ewsmnm.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422768/; classtype:trojan-activity;sid:84285868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422769)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/kveyzm.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422769/; classtype:trojan-activity;sid:84285869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422770)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/wbjouo.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422770/; classtype:trojan-activity;sid:84285870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422771)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/jkhczz.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422771/; classtype:trojan-activity;sid:84285871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422750)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/ecyofv.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422750/; classtype:trojan-activity;sid:84285850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422751)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/naeywx.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422751/; classtype:trojan-activity;sid:84285851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422752)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/zmefar.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422752/; classtype:trojan-activity;sid:84285852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422753)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/pliezk.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422753/; classtype:trojan-activity;sid:84285853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422754)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/kpiolg.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422754/; classtype:trojan-activity;sid:84285854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422755)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/products.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422755/; classtype:trojan-activity;sid:84285855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422756)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/aobrwg.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422756/; classtype:trojan-activity;sid:84285856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422757)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/xuhqcl.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422757/; classtype:trojan-activity;sid:84285857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422758)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/dpiklw.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422758/; classtype:trojan-activity;sid:84285858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422748)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/vzemdm.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422748/; classtype:trojan-activity;sid:84285848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422749)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/vkpqyq.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422749/; classtype:trojan-activity;sid:84285849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422743)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/ujgfye.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422743/; classtype:trojan-activity;sid:84285843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422744)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/hcquaf.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422744/; classtype:trojan-activity;sid:84285844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422745)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/hlhjkz.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422745/; classtype:trojan-activity;sid:84285845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422746)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/sicafv.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422746/; classtype:trojan-activity;sid:84285846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422747)"; flow:established,from_client; content:"GET"; http_method; content:"/lp8feqn2c8wurlgy9azex17/seovwv.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"filedn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422747/; classtype:trojan-activity;sid:84285847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.193.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422742/; classtype:trojan-activity;sid:84285842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.220.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422741/; classtype:trojan-activity;sid:84285841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.94.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422740/; classtype:trojan-activity;sid:84285840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.89.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422739/; classtype:trojan-activity;sid:84285839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422738)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.179.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422738/; classtype:trojan-activity;sid:84285838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422737)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.170.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422737/; classtype:trojan-activity;sid:84285837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.219.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422736/; classtype:trojan-activity;sid:84285836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422735)"; flow:established,from_client; content:"GET"; http_method; content:"/files/sql_gulong/random.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422735/; classtype:trojan-activity;sid:84285835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.193.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422733/; classtype:trojan-activity;sid:84285833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422734)"; flow:established,from_client; content:"GET"; http_method; content:"/files/notfinancing/random.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422734/; classtype:trojan-activity;sid:84285834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.193.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422732/; classtype:trojan-activity;sid:84285832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.25.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422728/; classtype:trojan-activity;sid:84285828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422729)"; flow:established,from_client; content:"GET"; http_method; content:"/120/seethebestthingsforentiretimegivenmebestforme.gif"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"104.168.7.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422729/; classtype:trojan-activity;sid:84285829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422730)"; flow:established,from_client; content:"GET"; http_method; content:"/340/sheisverybeautifulgirlifounfeverformetogiveherebestthings.gif"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"192.3.26.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422730/; classtype:trojan-activity;sid:84285830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.84.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422731/; classtype:trojan-activity;sid:84285831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.157.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422727/; classtype:trojan-activity;sid:84285827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.120.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422726/; classtype:trojan-activity;sid:84285826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.190.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422725/; classtype:trojan-activity;sid:84285825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.210.224.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422724/; classtype:trojan-activity;sid:84285824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.12.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422723/; classtype:trojan-activity;sid:84285823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422722/; classtype:trojan-activity;sid:84285822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.25.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422721/; classtype:trojan-activity;sid:84285821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.138.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422720/; classtype:trojan-activity;sid:84285820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422718/; classtype:trojan-activity;sid:84285818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.193.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422719/; classtype:trojan-activity;sid:84285819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.33.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422717/; classtype:trojan-activity;sid:84285817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.6.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422714/; classtype:trojan-activity;sid:84285814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.80.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422715/; classtype:trojan-activity;sid:84285815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.138.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422716/; classtype:trojan-activity;sid:84285816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422713/; classtype:trojan-activity;sid:84285813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.19.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422711/; classtype:trojan-activity;sid:84285811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.147.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422712/; classtype:trojan-activity;sid:84285812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.142.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422710/; classtype:trojan-activity;sid:84285810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.172.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422709/; classtype:trojan-activity;sid:84285809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422708/; classtype:trojan-activity;sid:84285808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.19.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422707/; classtype:trojan-activity;sid:84285807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.215.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422706/; classtype:trojan-activity;sid:84285806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.6.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422705/; classtype:trojan-activity;sid:84285805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.249.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422704/; classtype:trojan-activity;sid:84285804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.55.179.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422703/; classtype:trojan-activity;sid:84285803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.162.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422702/; classtype:trojan-activity;sid:84285802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.176.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422701/; classtype:trojan-activity;sid:84285801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.106.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422700/; classtype:trojan-activity;sid:84285800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.68.153.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422699/; classtype:trojan-activity;sid:84285799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.244.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422697/; classtype:trojan-activity;sid:84285797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.148.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422698/; classtype:trojan-activity;sid:84285798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.78.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422696/; classtype:trojan-activity;sid:84285796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.49.86.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422695/; classtype:trojan-activity;sid:84285795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.116.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422694/; classtype:trojan-activity;sid:84285794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.215.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422693/; classtype:trojan-activity;sid:84285793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.55.179.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422692/; classtype:trojan-activity;sid:84285792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.113.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422691/; classtype:trojan-activity;sid:84285791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.143.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422688/; classtype:trojan-activity;sid:84285788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.111.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422689/; classtype:trojan-activity;sid:84285789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.248.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422690/; classtype:trojan-activity;sid:84285790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.68.153.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422687/; classtype:trojan-activity;sid:84285787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.208.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422686/; classtype:trojan-activity;sid:84285786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.60.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422685/; classtype:trojan-activity;sid:84285785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.248.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422684/; classtype:trojan-activity;sid:84285784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.190.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422682/; classtype:trojan-activity;sid:84285782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.249.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422683/; classtype:trojan-activity;sid:84285783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.59.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422681/; classtype:trojan-activity;sid:84285781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.1.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422680/; classtype:trojan-activity;sid:84285780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422679)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422679/; classtype:trojan-activity;sid:84285779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.235.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422677/; classtype:trojan-activity;sid:84285777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.164.248.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422678/; classtype:trojan-activity;sid:84285778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.68.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422676/; classtype:trojan-activity;sid:84285776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.111.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422675/; classtype:trojan-activity;sid:84285775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.221.208.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422674/; classtype:trojan-activity;sid:84285774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422673/; classtype:trojan-activity;sid:84285773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.60.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422672/; classtype:trojan-activity;sid:84285772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.80.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422671/; classtype:trojan-activity;sid:84285771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.226.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422670/; classtype:trojan-activity;sid:84285770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422669)"; flow:established,from_client; content:"GET"; http_method; content:"/245_dkexwtykvxt"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"hlag.cc"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422669/; classtype:trojan-activity;sid:84285769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.194.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422667/; classtype:trojan-activity;sid:84285767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.7.20"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422668/; classtype:trojan-activity;sid:84285768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422666)"; flow:established,from_client; content:"GET"; http_method; content:"/capcha.html"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"anti-robot-check.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422666/; classtype:trojan-activity;sid:84285766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.103.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422665/; classtype:trojan-activity;sid:84285765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.68.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422664/; classtype:trojan-activity;sid:84285764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.15.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422663/; classtype:trojan-activity;sid:84285763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.247.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422662/; classtype:trojan-activity;sid:84285762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.177.28.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422661/; classtype:trojan-activity;sid:84285761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.194.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422660/; classtype:trojan-activity;sid:84285760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422659/; classtype:trojan-activity;sid:84285759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.147.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422658/; classtype:trojan-activity;sid:84285758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.218.164.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422657/; classtype:trojan-activity;sid:84285757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422656/; classtype:trojan-activity;sid:84285756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422655)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.45.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422655/; classtype:trojan-activity;sid:84285755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422654)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.237.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422654/; classtype:trojan-activity;sid:84285754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422653/; classtype:trojan-activity;sid:84285753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.155.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422652/; classtype:trojan-activity;sid:84285752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422651)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.239.34.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422651/; classtype:trojan-activity;sid:84285751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.157.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422650/; classtype:trojan-activity;sid:84285750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.129.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422649/; classtype:trojan-activity;sid:84285749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.238.0.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422648/; classtype:trojan-activity;sid:84285748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.159.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422647/; classtype:trojan-activity;sid:84285747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.227.113.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422646/; classtype:trojan-activity;sid:84285746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.147.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422644/; classtype:trojan-activity;sid:84285744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.15.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422645/; classtype:trojan-activity;sid:84285745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.85.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422643/; classtype:trojan-activity;sid:84285743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422641)"; flow:established,from_client; content:"GET"; http_method; content:"/54/buh/bh/shegivenmebestthingsentietimetogivenmebesthings______betterthingswithbetterwaygetbackwithgreatforme__________bestthingsbetterthingstniertieme.doc"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"152.228.229.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422641/; classtype:trojan-activity;sid:84285741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422642)"; flow:established,from_client; content:"GET"; http_method; content:"/301/creamissingfaloververynicewithentireitimegtogetmelsee.gif"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"152.228.229.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422642/; classtype:trojan-activity;sid:84285742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422640)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"180.115.176.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422640/; classtype:trojan-activity;sid:84285740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422635)"; flow:established,from_client; content:"GET"; http_method; content:"/a.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.7.214.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422635/; classtype:trojan-activity;sid:84285735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.25.223.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422636/; classtype:trojan-activity;sid:84285736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422637)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.xclb.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422637/; classtype:trojan-activity;sid:84285737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422638)"; flow:established,from_client; content:"GET"; http_method; content:"/awjsx.captcha"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solve.wbth.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422638/; classtype:trojan-activity;sid:84285738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422633)"; flow:established,from_client; content:"GET"; http_method; content:"/pb0l"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"free-spirit-reiki.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422633/; classtype:trojan-activity;sid:84285733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422634)"; flow:established,from_client; content:"GET"; http_method; content:"/capcha.html"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"check-antibot-v3.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422634/; classtype:trojan-activity;sid:84285734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.58.110.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422632/; classtype:trojan-activity;sid:84285732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422631)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.99.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422631/; classtype:trojan-activity;sid:84285731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422629)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.163.215.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422629/; classtype:trojan-activity;sid:84285729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422630)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422630/; classtype:trojan-activity;sid:84285730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.157.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422628/; classtype:trojan-activity;sid:84285728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.15.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422627/; classtype:trojan-activity;sid:84285727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.0.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422626/; classtype:trojan-activity;sid:84285726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.46.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422625/; classtype:trojan-activity;sid:84285725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.12.202.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422624/; classtype:trojan-activity;sid:84285724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.212.133.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422623/; classtype:trojan-activity;sid:84285723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.115.76.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422622/; classtype:trojan-activity;sid:84285722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422621/; classtype:trojan-activity;sid:84285721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.101.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422620/; classtype:trojan-activity;sid:84285720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.27.199.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422619/; classtype:trojan-activity;sid:84285719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.233.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422618/; classtype:trojan-activity;sid:84285718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.248.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422617/; classtype:trojan-activity;sid:84285717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.110.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422616/; classtype:trojan-activity;sid:84285716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.95.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422615/; classtype:trojan-activity;sid:84285715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.128.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422614/; classtype:trojan-activity;sid:84285714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.137.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422613/; classtype:trojan-activity;sid:84285713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.202.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422612/; classtype:trojan-activity;sid:84285712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.245.55.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422610/; classtype:trojan-activity;sid:84285710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.29.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422611/; classtype:trojan-activity;sid:84285711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422609/; classtype:trojan-activity;sid:84285709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.121.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422608/; classtype:trojan-activity;sid:84285708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.233.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422607/; classtype:trojan-activity;sid:84285707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.66.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422606/; classtype:trojan-activity;sid:84285706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.248.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422605/; classtype:trojan-activity;sid:84285705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.80.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422604/; classtype:trojan-activity;sid:84285704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.191.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422603/; classtype:trojan-activity;sid:84285703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.106.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422602/; classtype:trojan-activity;sid:84285702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422601)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.253.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422601/; classtype:trojan-activity;sid:84285701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.128.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422600/; classtype:trojan-activity;sid:84285700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.200.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422599/; classtype:trojan-activity;sid:84285699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.211.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422598/; classtype:trojan-activity;sid:84285698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.137.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422597/; classtype:trojan-activity;sid:84285697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.8.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422596/; classtype:trojan-activity;sid:84285696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.124.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422595/; classtype:trojan-activity;sid:84285695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422594/; classtype:trojan-activity;sid:84285694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.29.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422593/; classtype:trojan-activity;sid:84285693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.97.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422592/; classtype:trojan-activity;sid:84285692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.191.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422591/; classtype:trojan-activity;sid:84285691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.78.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422590/; classtype:trojan-activity;sid:84285690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.245.55.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422589/; classtype:trojan-activity;sid:84285689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.177.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422587/; classtype:trojan-activity;sid:84285687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.120.174.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422588/; classtype:trojan-activity;sid:84285688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422585/; classtype:trojan-activity;sid:84285685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.13.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422586/; classtype:trojan-activity;sid:84285686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.191.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422584/; classtype:trojan-activity;sid:84285684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.80.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422583/; classtype:trojan-activity;sid:84285683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.66.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422582/; classtype:trojan-activity;sid:84285682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.106.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422581/; classtype:trojan-activity;sid:84285681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.108.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422580/; classtype:trojan-activity;sid:84285680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.211.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422579/; classtype:trojan-activity;sid:84285679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.108.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422578/; classtype:trojan-activity;sid:84285678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422577)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.102.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422577/; classtype:trojan-activity;sid:84285677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.95.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422576/; classtype:trojan-activity;sid:84285676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.103.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422575/; classtype:trojan-activity;sid:84285675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.43.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422574/; classtype:trojan-activity;sid:84285674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.232.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422573/; classtype:trojan-activity;sid:84285673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.167.24.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422571/; classtype:trojan-activity;sid:84285671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.153.142.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422572/; classtype:trojan-activity;sid:84285672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.97.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422570/; classtype:trojan-activity;sid:84285670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.38.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422568/; classtype:trojan-activity;sid:84285668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.86.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422569/; classtype:trojan-activity;sid:84285669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.7.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422567/; classtype:trojan-activity;sid:84285667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.49.86.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422566/; classtype:trojan-activity;sid:84285666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.18.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422565/; classtype:trojan-activity;sid:84285665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.46.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422564/; classtype:trojan-activity;sid:84285664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.61.231.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422563/; classtype:trojan-activity;sid:84285663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.73.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422562/; classtype:trojan-activity;sid:84285662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.10.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422561/; classtype:trojan-activity;sid:84285661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.112.85.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422560/; classtype:trojan-activity;sid:84285660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.80.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422559/; classtype:trojan-activity;sid:84285659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422558)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.42.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422558/; classtype:trojan-activity;sid:84285658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.4.2.45"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422557/; classtype:trojan-activity;sid:84285657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.7.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422556/; classtype:trojan-activity;sid:84285656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.108.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422555/; classtype:trojan-activity;sid:84285655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.73.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422554/; classtype:trojan-activity;sid:84285654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.153.142.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422553/; classtype:trojan-activity;sid:84285653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.167.24.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422552/; classtype:trojan-activity;sid:84285652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.150.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422551/; classtype:trojan-activity;sid:84285651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.178.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422550/; classtype:trojan-activity;sid:84285650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.43.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422549/; classtype:trojan-activity;sid:84285649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.185.19.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422548/; classtype:trojan-activity;sid:84285648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.10.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422547/; classtype:trojan-activity;sid:84285647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.186.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422546/; classtype:trojan-activity;sid:84285646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.232.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422545/; classtype:trojan-activity;sid:84285645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.115.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422544/; classtype:trojan-activity;sid:84285644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.3.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422543/; classtype:trojan-activity;sid:84285643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.230.34.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422542/; classtype:trojan-activity;sid:84285642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.210.224.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422541/; classtype:trojan-activity;sid:84285641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.235.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422539/; classtype:trojan-activity;sid:84285639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"206.0.183.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422540/; classtype:trojan-activity;sid:84285640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.19.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422538/; classtype:trojan-activity;sid:84285638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422537/; classtype:trojan-activity;sid:84285637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.147.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422535/; classtype:trojan-activity;sid:84285635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.112.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422536/; classtype:trojan-activity;sid:84285636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.61.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422534/; classtype:trojan-activity;sid:84285634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422533)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.48.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422533/; classtype:trojan-activity;sid:84285633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.49.65.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422532/; classtype:trojan-activity;sid:84285632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.185.19.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422531/; classtype:trojan-activity;sid:84285631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"206.0.183.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422530/; classtype:trojan-activity;sid:84285630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.219.1.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422529/; classtype:trojan-activity;sid:84285629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.101.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422528/; classtype:trojan-activity;sid:84285628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.61.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422527/; classtype:trojan-activity;sid:84285627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.235.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422526/; classtype:trojan-activity;sid:84285626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.19.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422525/; classtype:trojan-activity;sid:84285625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.186.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422524/; classtype:trojan-activity;sid:84285624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.123.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422523/; classtype:trojan-activity;sid:84285623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.115.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422522/; classtype:trojan-activity;sid:84285622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.112.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422521/; classtype:trojan-activity;sid:84285621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.65.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422520/; classtype:trojan-activity;sid:84285620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.230.34.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422519/; classtype:trojan-activity;sid:84285619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.144.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422518/; classtype:trojan-activity;sid:84285618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.37.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422517/; classtype:trojan-activity;sid:84285617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.69.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422516/; classtype:trojan-activity;sid:84285616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.223.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422515/; classtype:trojan-activity;sid:84285615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422514)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.86.251.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422514/; classtype:trojan-activity;sid:84285614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"207.144.208.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422513/; classtype:trojan-activity;sid:84285613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422512/; classtype:trojan-activity;sid:84285612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.209.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422511/; classtype:trojan-activity;sid:84285611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.93.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422510/; classtype:trojan-activity;sid:84285610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.143.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422509/; classtype:trojan-activity;sid:84285609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.161.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422508/; classtype:trojan-activity;sid:84285608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.101.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422506/; classtype:trojan-activity;sid:84285606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.37.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422507/; classtype:trojan-activity;sid:84285607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.47.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422505/; classtype:trojan-activity;sid:84285605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.151.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422504/; classtype:trojan-activity;sid:84285604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.245.2.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422503/; classtype:trojan-activity;sid:84285603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422499)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.134.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422499/; classtype:trojan-activity;sid:84285599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.53.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422500/; classtype:trojan-activity;sid:84285600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.122.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422501/; classtype:trojan-activity;sid:84285601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.140.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422502/; classtype:trojan-activity;sid:84285602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422498)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.55.72.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422498/; classtype:trojan-activity;sid:84285598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.169.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422497/; classtype:trojan-activity;sid:84285597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.86.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422496/; classtype:trojan-activity;sid:84285596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.60.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422495/; classtype:trojan-activity;sid:84285595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.219.1.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422494/; classtype:trojan-activity;sid:84285594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.49.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422493/; classtype:trojan-activity;sid:84285593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"207.144.208.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422492/; classtype:trojan-activity;sid:84285592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.69.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422490/; classtype:trojan-activity;sid:84285590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.93.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422491/; classtype:trojan-activity;sid:84285591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.239.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422488/; classtype:trojan-activity;sid:84285588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.94.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422489/; classtype:trojan-activity;sid:84285589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422487)"; flow:established,from_client; content:"GET"; http_method; content:"/ciubuc_arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.182.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422487/; classtype:trojan-activity;sid:84285587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422475)"; flow:established,from_client; content:"GET"; http_method; content:"/ciubuc_aarch64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"95.182.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422475/; classtype:trojan-activity;sid:84285575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422476)"; flow:established,from_client; content:"GET"; http_method; content:"/ciubuc_i586"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.182.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422476/; classtype:trojan-activity;sid:84285576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422477)"; flow:established,from_client; content:"GET"; http_method; content:"/ciubuc_mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.182.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422477/; classtype:trojan-activity;sid:84285577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422478)"; flow:established,from_client; content:"GET"; http_method; content:"/ciubuc_arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"95.182.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422478/; classtype:trojan-activity;sid:84285578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422479)"; flow:established,from_client; content:"GET"; http_method; content:"/ciubuc_m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.182.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422479/; classtype:trojan-activity;sid:84285579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422480)"; flow:established,from_client; content:"GET"; http_method; content:"/ciubuc_x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"95.182.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422480/; classtype:trojan-activity;sid:84285580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422481)"; flow:established,from_client; content:"GET"; http_method; content:"/ciubuc_ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"95.182.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422481/; classtype:trojan-activity;sid:84285581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422482)"; flow:established,from_client; content:"GET"; http_method; content:"/ciubuc_mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.182.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422482/; classtype:trojan-activity;sid:84285582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422483)"; flow:established,from_client; content:"GET"; http_method; content:"/ciubuc_arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.182.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422483/; classtype:trojan-activity;sid:84285583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422484)"; flow:established,from_client; content:"GET"; http_method; content:"/ciubuc_mips64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"95.182.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422484/; classtype:trojan-activity;sid:84285584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422485)"; flow:established,from_client; content:"GET"; http_method; content:"/ciubuc_sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"95.182.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422485/; classtype:trojan-activity;sid:84285585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422486)"; flow:established,from_client; content:"GET"; http_method; content:"/ciubuc_arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.182.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422486/; classtype:trojan-activity;sid:84285586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422473)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.200.78.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422473/; classtype:trojan-activity;sid:84285573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422474)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.200.78.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422474/; classtype:trojan-activity;sid:84285574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422463)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.200.78.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422463/; classtype:trojan-activity;sid:84285563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422464)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.200.78.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422464/; classtype:trojan-activity;sid:84285564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422465)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.200.78.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422465/; classtype:trojan-activity;sid:84285565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422466)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.200.78.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422466/; classtype:trojan-activity;sid:84285566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422467)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.200.78.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422467/; classtype:trojan-activity;sid:84285567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422468)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i586"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.200.78.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422468/; classtype:trojan-activity;sid:84285568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422469)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x32"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.200.78.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422469/; classtype:trojan-activity;sid:84285569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422470)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.200.78.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422470/; classtype:trojan-activity;sid:84285570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422471)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.200.78.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422471/; classtype:trojan-activity;sid:84285571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422472/; classtype:trojan-activity;sid:84285572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.53.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422462/; classtype:trojan-activity;sid:84285562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.100.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422461/; classtype:trojan-activity;sid:84285561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422460/; classtype:trojan-activity;sid:84285560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422459)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.71.23.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422459/; classtype:trojan-activity;sid:84285559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.140.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422458/; classtype:trojan-activity;sid:84285558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.245.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422457/; classtype:trojan-activity;sid:84285557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.49.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422456/; classtype:trojan-activity;sid:84285556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.133.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422455/; classtype:trojan-activity;sid:84285555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422454/; classtype:trojan-activity;sid:84285554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422453)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.98.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422453/; classtype:trojan-activity;sid:84285553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422452)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422452/; classtype:trojan-activity;sid:84285552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.70.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422451/; classtype:trojan-activity;sid:84285551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.191.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422450/; classtype:trojan-activity;sid:84285550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.133.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422449/; classtype:trojan-activity;sid:84285549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.22.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422448/; classtype:trojan-activity;sid:84285548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.143.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422447/; classtype:trojan-activity;sid:84285547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.100.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422446/; classtype:trojan-activity;sid:84285546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.209.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422445/; classtype:trojan-activity;sid:84285545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.104.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422444/; classtype:trojan-activity;sid:84285544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.14.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422443/; classtype:trojan-activity;sid:84285543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.206.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422442/; classtype:trojan-activity;sid:84285542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422441/; classtype:trojan-activity;sid:84285541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.48.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422440/; classtype:trojan-activity;sid:84285540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.209.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422439/; classtype:trojan-activity;sid:84285539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422438)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.210.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422438/; classtype:trojan-activity;sid:84285538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.191.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422437/; classtype:trojan-activity;sid:84285537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.99.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422436/; classtype:trojan-activity;sid:84285536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.122.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422435/; classtype:trojan-activity;sid:84285535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.14.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422434/; classtype:trojan-activity;sid:84285534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422433/; classtype:trojan-activity;sid:84285533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422432/; classtype:trojan-activity;sid:84285532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.42.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422431/; classtype:trojan-activity;sid:84285531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.104.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422430/; classtype:trojan-activity;sid:84285530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.50.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422429/; classtype:trojan-activity;sid:84285529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.193.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422428/; classtype:trojan-activity;sid:84285528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.211.121.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422427/; classtype:trojan-activity;sid:84285527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422426/; classtype:trojan-activity;sid:84285526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.86.148.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422425/; classtype:trojan-activity;sid:84285525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422424/; classtype:trojan-activity;sid:84285524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422423/; classtype:trojan-activity;sid:84285523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.90.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422422/; classtype:trojan-activity;sid:84285522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.227.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422421/; classtype:trojan-activity;sid:84285521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.39.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422420/; classtype:trojan-activity;sid:84285520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.190.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422419/; classtype:trojan-activity;sid:84285519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.10.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422418/; classtype:trojan-activity;sid:84285518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.48.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422417/; classtype:trojan-activity;sid:84285517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.39.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422416/; classtype:trojan-activity;sid:84285516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.245.55.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422415/; classtype:trojan-activity;sid:84285515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.51.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422414/; classtype:trojan-activity;sid:84285514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.253.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422413/; classtype:trojan-activity;sid:84285513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.122.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422412/; classtype:trojan-activity;sid:84285512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.72.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422411/; classtype:trojan-activity;sid:84285511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.94.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422410/; classtype:trojan-activity;sid:84285510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.168.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422409/; classtype:trojan-activity;sid:84285509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.193.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422408/; classtype:trojan-activity;sid:84285508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.217.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422407/; classtype:trojan-activity;sid:84285507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.40.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422405/; classtype:trojan-activity;sid:84285505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.211.121.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422406/; classtype:trojan-activity;sid:84285506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.148.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422404/; classtype:trojan-activity;sid:84285504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.113.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422403/; classtype:trojan-activity;sid:84285503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422402/; classtype:trojan-activity;sid:84285502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.204.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422401/; classtype:trojan-activity;sid:84285501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.244.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422400/; classtype:trojan-activity;sid:84285500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422399/; classtype:trojan-activity;sid:84285499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422398/; classtype:trojan-activity;sid:84285498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.90.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422397/; classtype:trojan-activity;sid:84285497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.235.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422396/; classtype:trojan-activity;sid:84285496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.253.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422395/; classtype:trojan-activity;sid:84285495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.242.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422394/; classtype:trojan-activity;sid:84285494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.24.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422393/; classtype:trojan-activity;sid:84285493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422392)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.182.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422392/; classtype:trojan-activity;sid:84285492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422390)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.134.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422390/; classtype:trojan-activity;sid:84285490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422391)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.96.142.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422391/; classtype:trojan-activity;sid:84285491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422389)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422389/; classtype:trojan-activity;sid:84285489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.185.142.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422388/; classtype:trojan-activity;sid:84285488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422385)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.134.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422385/; classtype:trojan-activity;sid:84285485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422386)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.4.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422386/; classtype:trojan-activity;sid:84285486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.27.199.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422387/; classtype:trojan-activity;sid:84285487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422384)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.134.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422384/; classtype:trojan-activity;sid:84285484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.173.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422383/; classtype:trojan-activity;sid:84285483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.244.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422382/; classtype:trojan-activity;sid:84285482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.40.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422381/; classtype:trojan-activity;sid:84285481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422380/; classtype:trojan-activity;sid:84285480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.84.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422379/; classtype:trojan-activity;sid:84285479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422378)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.72.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422378/; classtype:trojan-activity;sid:84285478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.253.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422377/; classtype:trojan-activity;sid:84285477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.251.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422376/; classtype:trojan-activity;sid:84285476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.94.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422375/; classtype:trojan-activity;sid:84285475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422374)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.215.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422374/; classtype:trojan-activity;sid:84285474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422373/; classtype:trojan-activity;sid:84285473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.231.125.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422372/; classtype:trojan-activity;sid:84285472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422371/; classtype:trojan-activity;sid:84285471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.81.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422369/; classtype:trojan-activity;sid:84285469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.190.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422370/; classtype:trojan-activity;sid:84285470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.24.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422368/; classtype:trojan-activity;sid:84285468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.3.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422367/; classtype:trojan-activity;sid:84285467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.218.164.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422366/; classtype:trojan-activity;sid:84285466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422365)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.106.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422365/; classtype:trojan-activity;sid:84285465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.87.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422364/; classtype:trojan-activity;sid:84285464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.188.76.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422362/; classtype:trojan-activity;sid:84285462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.212.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422363/; classtype:trojan-activity;sid:84285463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.88.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422361/; classtype:trojan-activity;sid:84285461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.231.125.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422360/; classtype:trojan-activity;sid:84285460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.2.154.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422359/; classtype:trojan-activity;sid:84285459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.151.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422358/; classtype:trojan-activity;sid:84285458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.172.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422357/; classtype:trojan-activity;sid:84285457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422355)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422355/; classtype:trojan-activity;sid:84285455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.63.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422356/; classtype:trojan-activity;sid:84285456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.144.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422353/; classtype:trojan-activity;sid:84285453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.81.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422354/; classtype:trojan-activity;sid:84285454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.82.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422352/; classtype:trojan-activity;sid:84285452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.79.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422350/; classtype:trojan-activity;sid:84285450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.140.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422351/; classtype:trojan-activity;sid:84285451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.251.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422349/; classtype:trojan-activity;sid:84285449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.39.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422348/; classtype:trojan-activity;sid:84285448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.116.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422347/; classtype:trojan-activity;sid:84285447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.3.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422346/; classtype:trojan-activity;sid:84285446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.17.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422345/; classtype:trojan-activity;sid:84285445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422344/; classtype:trojan-activity;sid:84285444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.39.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422343/; classtype:trojan-activity;sid:84285443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422342)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.10.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422342/; classtype:trojan-activity;sid:84285442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422341)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.106.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422341/; classtype:trojan-activity;sid:84285441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422340)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.169.0.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422340/; classtype:trojan-activity;sid:84285440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.237.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422339/; classtype:trojan-activity;sid:84285439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.227.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422338/; classtype:trojan-activity;sid:84285438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.240.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422337/; classtype:trojan-activity;sid:84285437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.138.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422336/; classtype:trojan-activity;sid:84285436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.94.165.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422335/; classtype:trojan-activity;sid:84285435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.88.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422334/; classtype:trojan-activity;sid:84285434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.63.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422333/; classtype:trojan-activity;sid:84285433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.239.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422332/; classtype:trojan-activity;sid:84285432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.240.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422331/; classtype:trojan-activity;sid:84285431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.154.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422330/; classtype:trojan-activity;sid:84285430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.172.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422329/; classtype:trojan-activity;sid:84285429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422328)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.132.96.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422328/; classtype:trojan-activity;sid:84285428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.79.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422327/; classtype:trojan-activity;sid:84285427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.37.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422326/; classtype:trojan-activity;sid:84285426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.39.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422325/; classtype:trojan-activity;sid:84285425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422324/; classtype:trojan-activity;sid:84285424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.227.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422323/; classtype:trojan-activity;sid:84285423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.134.132.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422322/; classtype:trojan-activity;sid:84285422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.176.101.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422320/; classtype:trojan-activity;sid:84285420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.101.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422321/; classtype:trojan-activity;sid:84285421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.147.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422318/; classtype:trojan-activity;sid:84285418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.64.155.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422319/; classtype:trojan-activity;sid:84285419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.225.169.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422317/; classtype:trojan-activity;sid:84285417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422316)"; flow:established,from_client; content:"GET"; http_method; content:"/capcha.html"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"botverifity.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422316/; classtype:trojan-activity;sid:84285416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.17.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422315/; classtype:trojan-activity;sid:84285415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.101.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422314/; classtype:trojan-activity;sid:84285414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422313/; classtype:trojan-activity;sid:84285413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.80.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422312/; classtype:trojan-activity;sid:84285412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.142.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422311/; classtype:trojan-activity;sid:84285411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422310/; classtype:trojan-activity;sid:84285410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422309)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.134.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422309/; classtype:trojan-activity;sid:84285409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.117.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422308/; classtype:trojan-activity;sid:84285408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422307)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.134.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422307/; classtype:trojan-activity;sid:84285407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.72.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422306/; classtype:trojan-activity;sid:84285406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.29.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422305/; classtype:trojan-activity;sid:84285405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.219.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422304/; classtype:trojan-activity;sid:84285404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.169.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422302/; classtype:trojan-activity;sid:84285402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.122.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422303/; classtype:trojan-activity;sid:84285403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.185.206.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422301/; classtype:trojan-activity;sid:84285401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422300)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.29.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422300/; classtype:trojan-activity;sid:84285400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422299)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.19.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422299/; classtype:trojan-activity;sid:84285399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.206.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422298/; classtype:trojan-activity;sid:84285398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.106.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422297/; classtype:trojan-activity;sid:84285397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.177.151.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422296/; classtype:trojan-activity;sid:84285396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.115.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422295/; classtype:trojan-activity;sid:84285395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.217.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422294/; classtype:trojan-activity;sid:84285394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.65.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422293/; classtype:trojan-activity;sid:84285393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.34.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3422172/; classtype:trojan-activity;sid:84285272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.96.184.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3422167/; classtype:trojan-activity;sid:84285267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.34.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3422158/; classtype:trojan-activity;sid:84285258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.8.46.114"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3422148/; classtype:trojan-activity;sid:84285248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.8.46.114"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3422138/; classtype:trojan-activity;sid:84285238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422041)"; flow:established,from_client; content:"GET"; http_method; content:"/ruketop.mp4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"update33.oss-ap-southeast-3.aliyuncs.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3422041/; classtype:trojan-activity;sid:84285141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422037)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lead_dumper.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3422037/; classtype:trojan-activity;sid:84285137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422004)"; flow:established,from_client; content:"GET"; http_method; content:"/update"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"indexdougents.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3422004/; classtype:trojan-activity;sid:84285104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422015)"; flow:established,from_client; content:"GET"; http_method; content:"/update"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"becaconmougot.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3422015/; classtype:trojan-activity;sid:84285115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422018)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"becaconmougot.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3422018/; classtype:trojan-activity;sid:84285118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421956)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"indexdougents.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421956/; classtype:trojan-activity;sid:84285056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421926)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"bctabsogebtmoutsgs.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421926/; classtype:trojan-activity;sid:84285026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421889)"; flow:established,from_client; content:"GET"; http_method; content:"/update"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"insocgencmouts.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421889/; classtype:trojan-activity;sid:84284989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421858)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"insocgencmouts.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421858/; classtype:trojan-activity;sid:84284958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421870)"; flow:established,from_client; content:"GET"; http_method; content:"/update"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bctabsogebtmoutsgs.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421870/; classtype:trojan-activity;sid:84284970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421817)"; flow:established,from_client; content:"GET"; http_method; content:"/update"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"capouregionts.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421817/; classtype:trojan-activity;sid:84284917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421821)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"deabcbecaconmougot.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421821/; classtype:trojan-activity;sid:84284921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421829)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"capouregionts.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421829/; classtype:trojan-activity;sid:84284929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421833)"; flow:established,from_client; content:"GET"; http_method; content:"/update"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"deabcbecaconmougot.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421833/; classtype:trojan-activity;sid:84284933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421667)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"yunger.ddns.cam"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421667/; classtype:trojan-activity;sid:84284767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421668)"; flow:established,from_client; content:"GET"; http_method; content:"/update"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"yunger.ddns.cam"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421668/; classtype:trojan-activity;sid:84284768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421543)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"testeco.dns.army"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421543/; classtype:trojan-activity;sid:84284643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421542)"; flow:established,from_client; content:"GET"; http_method; content:"/update"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"testeco.dns.army"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421542/; classtype:trojan-activity;sid:84284642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421529)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"senbicaehgd.dns.army"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421529/; classtype:trojan-activity;sid:84284629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421530)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"helpsharp.ydns.eu"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421530/; classtype:trojan-activity;sid:84284630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421536)"; flow:established,from_client; content:"GET"; http_method; content:"/update"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"senbicaehgd.dns.army"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421536/; classtype:trojan-activity;sid:84284636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421538)"; flow:established,from_client; content:"GET"; http_method; content:"/update"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"helpsharp.ydns.eu"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421538/; classtype:trojan-activity;sid:84284638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421508)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"reduchavestgs.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421508/; classtype:trojan-activity;sid:84284608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421483)"; flow:established,from_client; content:"GET"; http_method; content:"/update"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"reduchavestgs.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421483/; classtype:trojan-activity;sid:84284583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421462)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"reducbabmaytgout.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421462/; classtype:trojan-activity;sid:84284562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421414)"; flow:established,from_client; content:"GET"; http_method; content:"/update"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"reducbabmaytgout.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421414/; classtype:trojan-activity;sid:84284514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421384)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"indexmousocgnets.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421384/; classtype:trojan-activity;sid:84284484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421399)"; flow:established,from_client; content:"GET"; http_method; content:"/update"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"indexmousocgnets.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421399/; classtype:trojan-activity;sid:84284499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421358)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.143.1.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421358/; classtype:trojan-activity;sid:84284458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421366)"; flow:established,from_client; content:"GET"; http_method; content:"/update"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421366/; classtype:trojan-activity;sid:84284466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421183)"; flow:established,from_client; content:"GET"; http_method; content:"/xsh/xsh.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"101.126.11.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421183/; classtype:trojan-activity;sid:84284283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421181)"; flow:established,from_client; content:"GET"; http_method; content:"/files/sql_gulong1/random.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421181/; classtype:trojan-activity;sid:84284281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421169)"; flow:established,from_client; content:"GET"; http_method; content:"/dhsfiud.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.102.104.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421169/; classtype:trojan-activity;sid:84284269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421171)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/ed.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421171/; classtype:trojan-activity;sid:84284271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421172)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/foreign.ps1"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421172/; classtype:trojan-activity;sid:84284272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421173)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/ebu.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421173/; classtype:trojan-activity;sid:84284273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421174)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/em3.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421174/; classtype:trojan-activity;sid:84284274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421175)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/xx.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421175/; classtype:trojan-activity;sid:84284275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421176)"; flow:established,from_client; content:"GET"; http_method; content:"/wannacry.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"154.84.153.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421176/; classtype:trojan-activity;sid:84284276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421042)"; flow:established,from_client; content:"GET"; http_method; content:"/aspire.mov"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"news6.oss-ap-northeast-1.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421042/; classtype:trojan-activity;sid:84284142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421040)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/rrx/wemeetagainforbestthingstodo.hta"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"172.245.119.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421040/; classtype:trojan-activity;sid:84284140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421036)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/chrisx.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421036/; classtype:trojan-activity;sid:84284136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421027)"; flow:established,from_client; content:"GET"; http_method; content:"/sigmaplus/4.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ny.lshdw.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421027/; classtype:trojan-activity;sid:84284127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421026)"; flow:established,from_client; content:"GET"; http_method; content:"/tylermt99/zzzaaa/refs/heads/main/built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421026/; classtype:trojan-activity;sid:84284126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421024)"; flow:established,from_client; content:"GET"; http_method; content:"/file/4422_8390.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"62.60.226.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421024/; classtype:trojan-activity;sid:84284124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421025)"; flow:established,from_client; content:"GET"; http_method; content:"/file/4181_461.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"62.60.226.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421025/; classtype:trojan-activity;sid:84284125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421017)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/nmbk/nm/nmssb.hta"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"107.172.148.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421017/; classtype:trojan-activity;sid:84284117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421020)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp/emmetprod.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"141.147.43.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421020/; classtype:trojan-activity;sid:84284120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421011)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/kkn/nsoo/nomralwaygivenmebestthingswithentireilifegoses.hta"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"107.172.148.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421011/; classtype:trojan-activity;sid:84284111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420981)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/kshkfki.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3420981/; classtype:trojan-activity;sid:84284081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420982)"; flow:established,from_client; content:"GET"; http_method; content:"/file/1374_2790.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"62.60.226.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3420982/; classtype:trojan-activity;sid:84284082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420962)"; flow:established,from_client; content:"GET"; http_method; content:"/a.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.7.214.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3420962/; classtype:trojan-activity;sid:84284062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420961)"; flow:established,from_client; content:"GET"; http_method; content:"/b.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.7.214.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3420961/; classtype:trojan-activity;sid:84284061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.152.9.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3420746/; classtype:trojan-activity;sid:84283846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.12.116"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3420716/; classtype:trojan-activity;sid:84283816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.207.174.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3420614/; classtype:trojan-activity;sid:84283714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420612)"; flow:established,from_client; content:"GET"; http_method; content:"/lovform.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.57.166.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3420612/; classtype:trojan-activity;sid:84283712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420613)"; flow:established,from_client; content:"GET"; http_method; content:"/chorogi.wsf"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.57.166.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3420613/; classtype:trojan-activity;sid:84283713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420567)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"197.89.37.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3420567/; classtype:trojan-activity;sid:84283667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420564)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.70.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3420564/; classtype:trojan-activity;sid:84283664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.119.133.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3420539/; classtype:trojan-activity;sid:84283639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"174.162.140.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3420538/; classtype:trojan-activity;sid:84283638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.61.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3420035/; classtype:trojan-activity;sid:84283135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.61.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3420016/; classtype:trojan-activity;sid:84283116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.102.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3420005/; classtype:trojan-activity;sid:84283105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419871)"; flow:established,from_client; content:"GET"; http_method; content:"/98.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.109.159.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419871/; classtype:trojan-activity;sid:84282971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419868)"; flow:established,from_client; content:"GET"; http_method; content:"/abc/29.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"121.127.231.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419868/; classtype:trojan-activity;sid:84282968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419869)"; flow:established,from_client; content:"GET"; http_method; content:"/invoke-mimikatz.ps1"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"117.72.36.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419869/; classtype:trojan-activity;sid:84282969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419870)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig-v6.21.0-ubuntu20.04-linux"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"14.224.174.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419870/; classtype:trojan-activity;sid:84282970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419854)"; flow:established,from_client; content:"GET"; http_method; content:"/abc/5.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.127.231.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419854/; classtype:trojan-activity;sid:84282954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419855)"; flow:established,from_client; content:"GET"; http_method; content:"/abc/1.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.127.231.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419855/; classtype:trojan-activity;sid:84282955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419856)"; flow:established,from_client; content:"GET"; http_method; content:"/abc/6.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.127.231.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419856/; classtype:trojan-activity;sid:84282956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419857)"; flow:established,from_client; content:"GET"; http_method; content:"/abc/35.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"121.127.231.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419857/; classtype:trojan-activity;sid:84282957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419859)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bins.freesite.host"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419859/; classtype:trojan-activity;sid:84282959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419860)"; flow:established,from_client; content:"GET"; http_method; content:"/abc/43.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"121.127.231.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419860/; classtype:trojan-activity;sid:84282960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419861)"; flow:established,from_client; content:"GET"; http_method; content:"/abc/41.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"121.127.231.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419861/; classtype:trojan-activity;sid:84282961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419862)"; flow:established,from_client; content:"GET"; http_method; content:"/abc/42.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"121.127.231.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419862/; classtype:trojan-activity;sid:84282962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419863)"; flow:established,from_client; content:"GET"; http_method; content:"/abc/34.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"121.127.231.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419863/; classtype:trojan-activity;sid:84282963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419864)"; flow:established,from_client; content:"GET"; http_method; content:"/abc/4.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.127.231.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419864/; classtype:trojan-activity;sid:84282964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419865)"; flow:established,from_client; content:"GET"; http_method; content:"/abc/3.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.127.231.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419865/; classtype:trojan-activity;sid:84282965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419866)"; flow:established,from_client; content:"GET"; http_method; content:"/abc/38.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"121.127.231.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419866/; classtype:trojan-activity;sid:84282966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419867)"; flow:established,from_client; content:"GET"; http_method; content:"/abc/29.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"121.127.231.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419867/; classtype:trojan-activity;sid:84282967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419850)"; flow:established,from_client; content:"GET"; http_method; content:"/abc/16.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"121.127.231.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419850/; classtype:trojan-activity;sid:84282950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419851)"; flow:established,from_client; content:"GET"; http_method; content:"/abc/35.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"121.127.231.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419851/; classtype:trojan-activity;sid:84282951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419852)"; flow:established,from_client; content:"GET"; http_method; content:"/abc/2.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.127.231.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419852/; classtype:trojan-activity;sid:84282952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419849)"; flow:established,from_client; content:"GET"; http_method; content:"/abc/25.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"121.127.231.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419849/; classtype:trojan-activity;sid:84282949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419840)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"38.255.44.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419840/; classtype:trojan-activity;sid:84282940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419843)"; flow:established,from_client; content:"GET"; http_method; content:"/swagga/goodboy.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.65.144.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419843/; classtype:trojan-activity;sid:84282943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419846)"; flow:established,from_client; content:"GET"; http_method; content:"/home.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.84.153.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419846/; classtype:trojan-activity;sid:84282946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.226.3.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419787/; classtype:trojan-activity;sid:84282887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.226.3.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419777/; classtype:trojan-activity;sid:84282877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.28.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419681/; classtype:trojan-activity;sid:84282781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419571)"; flow:established,from_client; content:"GET"; http_method; content:"/xcocgt/priv1/raw/refs/heads/main/microsoft_hardware_launch.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419571/; classtype:trojan-activity;sid:84282671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419572)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/raw/refs/heads/main/lastest.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419572/; classtype:trojan-activity;sid:84282672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419573)"; flow:established,from_client; content:"GET"; http_method; content:"/akumaheo/heoe/raw/refs/heads/main/heo.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419573/; classtype:trojan-activity;sid:84282673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419575)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/raw/refs/heads/main/server1.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419575/; classtype:trojan-activity;sid:84282675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419554)"; flow:established,from_client; content:"GET"; http_method; content:"/monkey958/sdasd/raw/refs/heads/main/856.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419554/; classtype:trojan-activity;sid:84282654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419555)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/raw/refs/heads/main/newest.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419555/; classtype:trojan-activity;sid:84282655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419556)"; flow:established,from_client; content:"GET"; http_method; content:"/impar0/tryyy/raw/refs/heads/main/client.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419556/; classtype:trojan-activity;sid:84282656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419557)"; flow:established,from_client; content:"GET"; http_method; content:"/sonvan1811/fakewindowsinstaller/main/serverrat.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419557/; classtype:trojan-activity;sid:84282657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419558)"; flow:established,from_client; content:"GET"; http_method; content:"/marselshow/123123/main/govno__dlya_jertwy.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419558/; classtype:trojan-activity;sid:84282658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419559)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/raw/refs/heads/main/bloxflip%20predictor.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419559/; classtype:trojan-activity;sid:84282659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419560)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/raw/refs/heads/main/fast%20download.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419560/; classtype:trojan-activity;sid:84282660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419562)"; flow:established,from_client; content:"GET"; http_method; content:"/raz233/rgdgdrg/raw/refs/heads/main/client.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419562/; classtype:trojan-activity;sid:84282662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419563)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedk97/xwqd21waddqwdv/raw/refs/heads/main/server.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419563/; classtype:trojan-activity;sid:84282663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419564)"; flow:established,from_client; content:"GET"; http_method; content:"/toxicxz/fnaf-1/raw/refs/heads/main/fusca%20game.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419564/; classtype:trojan-activity;sid:84282664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419565)"; flow:established,from_client; content:"GET"; http_method; content:"/orospuccocugu/aaaaaa/raw/refs/heads/main/enai2.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419565/; classtype:trojan-activity;sid:84282665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419566)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/raw/refs/heads/main/njrat.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419566/; classtype:trojan-activity;sid:84282666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419567)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/raw/refs/heads/main/joiner.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419567/; classtype:trojan-activity;sid:84282667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419568)"; flow:established,from_client; content:"GET"; http_method; content:"/xcocgt/priv1/raw/refs/heads/main/testme.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419568/; classtype:trojan-activity;sid:84282668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419569)"; flow:established,from_client; content:"GET"; http_method; content:"/ymykaliymy/ymy/raw/refs/heads/main/sela.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419569/; classtype:trojan-activity;sid:84282669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419570)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/raw/refs/heads/main/444.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419570/; classtype:trojan-activity;sid:84282670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419546)"; flow:established,from_client; content:"GET"; http_method; content:"/nxrecxxil/syndicate/raw/refs/heads/main/main.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419546/; classtype:trojan-activity;sid:84282646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419547)"; flow:established,from_client; content:"GET"; http_method; content:"/trafunny/malware-file/raw/refs/heads/main/njrat.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419547/; classtype:trojan-activity;sid:84282647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419549)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/raw/refs/heads/main/startup.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419549/; classtype:trojan-activity;sid:84282649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419550)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/raw/refs/heads/main/cnct.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419550/; classtype:trojan-activity;sid:84282650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419551)"; flow:established,from_client; content:"GET"; http_method; content:"/krevedko3221/porno/raw/refs/heads/main/mos%20ssssttttt.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419551/; classtype:trojan-activity;sid:84282651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419553)"; flow:established,from_client; content:"GET"; http_method; content:"/paketpk/trojan/raw/refs/heads/main/njsilent.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419553/; classtype:trojan-activity;sid:84282653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419544)"; flow:established,from_client; content:"GET"; http_method; content:"/itschangat/test/raw/refs/heads/main/system.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419544/; classtype:trojan-activity;sid:84282644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419540)"; flow:established,from_client; content:"GET"; http_method; content:"/get/gryts2ee3z/eo.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419540/; classtype:trojan-activity;sid:84282640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419536)"; flow:established,from_client; content:"GET"; http_method; content:"/get/ifmqaplnrp/client-built.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419536/; classtype:trojan-activity;sid:84282636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419535)"; flow:established,from_client; content:"GET"; http_method; content:"/get/edi4wqihyr/rektupp.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419535/; classtype:trojan-activity;sid:84282635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419527)"; flow:established,from_client; content:"GET"; http_method; content:"/luisphantom/vemom/raw/refs/heads/main/svhost.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419527/; classtype:trojan-activity;sid:84282627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419528)"; flow:established,from_client; content:"GET"; http_method; content:"/kees5462/this-is-a-roblox-external-cheat-best-one-out-there/raw/refs/heads/main/java32.exe"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419528/; classtype:trojan-activity;sid:84282628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419529)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/refs/heads/main/client-built.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419529/; classtype:trojan-activity;sid:84282629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419514)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/raw/refs/heads/main/x.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419514/; classtype:trojan-activity;sid:84282614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419515)"; flow:established,from_client; content:"GET"; http_method; content:"/tezx11/imgui/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419515/; classtype:trojan-activity;sid:84282615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419517)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/vanilla.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419517/; classtype:trojan-activity;sid:84282617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419518)"; flow:established,from_client; content:"GET"; http_method; content:"/kees5462/this-is-a-roblox-external-cheat-best-one-out-there/raw/refs/heads/main/java.exe"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419518/; classtype:trojan-activity;sid:84282618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419519)"; flow:established,from_client; content:"GET"; http_method; content:"/imaeewy/about-me/raw/refs/heads/main/client-built.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419519/; classtype:trojan-activity;sid:84282619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419521)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/raw/refs/heads/main/client-built.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419521/; classtype:trojan-activity;sid:84282621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419522)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/skibidi.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419522/; classtype:trojan-activity;sid:84282622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419523)"; flow:established,from_client; content:"GET"; http_method; content:"/therealastro666/lolz/raw/refs/heads/main/built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419523/; classtype:trojan-activity;sid:84282623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419524)"; flow:established,from_client; content:"GET"; http_method; content:"/andresberejno/aaaaaaa/raw/refs/heads/main/client-base.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419524/; classtype:trojan-activity;sid:84282624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419525)"; flow:established,from_client; content:"GET"; http_method; content:"/sesafvr/ayo/raw/refs/heads/main/client-built.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419525/; classtype:trojan-activity;sid:84282625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419526)"; flow:established,from_client; content:"GET"; http_method; content:"/fhebngndsg/thefunny/refs/heads/main/client-built.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419526/; classtype:trojan-activity;sid:84282626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419511)"; flow:established,from_client; content:"GET"; http_method; content:"/tezx11/imgui/raw/refs/heads/main/example_win32_dx11.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419511/; classtype:trojan-activity;sid:84282611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419512)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/jignesh.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419512/; classtype:trojan-activity;sid:84282612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419508)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/raw/refs/heads/main/sgvp%20client%20program.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419508/; classtype:trojan-activity;sid:84282608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419509)"; flow:established,from_client; content:"GET"; http_method; content:"/aspdasdksa2/callback/raw/refs/heads/main/client-built.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419509/; classtype:trojan-activity;sid:84282609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419510)"; flow:established,from_client; content:"GET"; http_method; content:"/therealastro666/lolz/raw/refs/heads/main/client-built.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419510/; classtype:trojan-activity;sid:84282610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419503)"; flow:established,from_client; content:"GET"; http_method; content:"/coluich/yaf/refs/heads/main/windows12.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419503/; classtype:trojan-activity;sid:84282603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419504)"; flow:established,from_client; content:"GET"; http_method; content:"/cctv-security/rev/raw/main/client-built.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419504/; classtype:trojan-activity;sid:84282604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419505)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/osiris/blob/main/2klz.exe|3f|raw=true"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419505/; classtype:trojan-activity;sid:84282605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419506)"; flow:established,from_client; content:"GET"; http_method; content:"/felikzig/wdt/raw/refs/heads/main/collosalloader.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419506/; classtype:trojan-activity;sid:84282606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419507)"; flow:established,from_client; content:"GET"; http_method; content:"/imaeewy/about-me/raw/refs/heads/main/discord.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419507/; classtype:trojan-activity;sid:84282607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419502)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/osiris/blob/main/2klz.exe|3f|raw=true/"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419502/; classtype:trojan-activity;sid:84282602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419499)"; flow:established,from_client; content:"GET"; http_method; content:"/earthsetup/firtshopacc/raw/refs/heads/main/runtime%20broker.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419499/; classtype:trojan-activity;sid:84282599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419500)"; flow:established,from_client; content:"GET"; http_method; content:"/xerussploit/neverlose-loader/raw/refs/heads/main/neverlose%20loader.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419500/; classtype:trojan-activity;sid:84282600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419498)"; flow:established,from_client; content:"GET"; http_method; content:"/m4hvh2/dwadwa/raw/refs/heads/main/client-built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419498/; classtype:trojan-activity;sid:84282598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419497)"; flow:established,from_client; content:"GET"; http_method; content:"/skibidisigmer/fncleanerv2/releases/download/cleanerv2/cleanerv2.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419497/; classtype:trojan-activity;sid:84282597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419494)"; flow:established,from_client; content:"GET"; http_method; content:"/1337breaker1337/password/raw/refs/heads/main/client-built.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419494/; classtype:trojan-activity;sid:84282594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419495)"; flow:established,from_client; content:"GET"; http_method; content:"/azurerex/napewnonievoiderhook/raw/refs/heads/main/sharpmonoinjector.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419495/; classtype:trojan-activity;sid:84282595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419492)"; flow:established,from_client; content:"GET"; http_method; content:"/earthsetup/firtshopacc/raw/refs/heads/main/registry.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419492/; classtype:trojan-activity;sid:84282592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419493)"; flow:established,from_client; content:"GET"; http_method; content:"/xerussploit/spectrum/raw/refs/heads/main/spectrum.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419493/; classtype:trojan-activity;sid:84282593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419491)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/raw/refs/heads/main/sgvp%20client%20system.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419491/; classtype:trojan-activity;sid:84282591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419488)"; flow:established,from_client; content:"GET"; http_method; content:"/luisphantom/vemom/raw/refs/heads/main/client-built.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419488/; classtype:trojan-activity;sid:84282588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419489)"; flow:established,from_client; content:"GET"; http_method; content:"/sleepysnz/skibidi/raw/refs/heads/main/condogenerator.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419489/; classtype:trojan-activity;sid:84282589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419481)"; flow:established,from_client; content:"GET"; http_method; content:"/mohammedsalmannnnnnn/laughing-train/raw/refs/heads/main/client-built.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419481/; classtype:trojan-activity;sid:84282581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419482)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/lmao.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419482/; classtype:trojan-activity;sid:84282582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419483)"; flow:established,from_client; content:"GET"; http_method; content:"/luisphantom/vemom/raw/refs/heads/main/mmo%201.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419483/; classtype:trojan-activity;sid:84282583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419484)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/raw/refs/heads/main/fud2.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419484/; classtype:trojan-activity;sid:84282584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419485)"; flow:established,from_client; content:"GET"; http_method; content:"/bonsko216/1/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419485/; classtype:trojan-activity;sid:84282585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419486)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/discord/raw/refs/heads/main/client-built.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419486/; classtype:trojan-activity;sid:84282586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419487)"; flow:established,from_client; content:"GET"; http_method; content:"/leemurray751/testing/raw/refs/heads/main/testingfile.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419487/; classtype:trojan-activity;sid:84282587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419470)"; flow:established,from_client; content:"GET"; http_method; content:"/faokun1/aaa/raw/refs/heads/main/client-built.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419470/; classtype:trojan-activity;sid:84282570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419471)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/1434orz.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419471/; classtype:trojan-activity;sid:84282571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419473)"; flow:established,from_client; content:"GET"; http_method; content:"/brucegang123/bat-automation-test/raw/main/servers.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419473/; classtype:trojan-activity;sid:84282573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419474)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/raw/refs/heads/main/client-built.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419474/; classtype:trojan-activity;sid:84282574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419475)"; flow:established,from_client; content:"GET"; http_method; content:"/luisphantom/vemom/raw/refs/heads/main/money.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419475/; classtype:trojan-activity;sid:84282575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419477)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/raw/refs/heads/main/critscript.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419477/; classtype:trojan-activity;sid:84282577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419478)"; flow:established,from_client; content:"GET"; http_method; content:"/nakuss/dwdwadwa/raw/main/client-built.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419478/; classtype:trojan-activity;sid:84282578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419479)"; flow:established,from_client; content:"GET"; http_method; content:"/biseo0/neue/raw/refs/heads/main/client-built.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419479/; classtype:trojan-activity;sid:84282579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419480)"; flow:established,from_client; content:"GET"; http_method; content:"/mpy66/nix/raw/refs/heads/main/discordupdate.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419480/; classtype:trojan-activity;sid:84282580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419468)"; flow:established,from_client; content:"GET"; http_method; content:"/biseo0/neue/raw/main/client-built.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419468/; classtype:trojan-activity;sid:84282568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419469)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/negarque.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419469/; classtype:trojan-activity;sid:84282569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419466)"; flow:established,from_client; content:"GET"; http_method; content:"/blazedbottle/rat/raw/refs/heads/main/client-built-playit.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419466/; classtype:trojan-activity;sid:84282566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419462)"; flow:established,from_client; content:"GET"; http_method; content:"/unix-cmd/dev/raw/refs/heads/main/installer.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419462/; classtype:trojan-activity;sid:84282562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419463)"; flow:established,from_client; content:"GET"; http_method; content:"/aspdasdksa2/callback/raw/main/client-built.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419463/; classtype:trojan-activity;sid:84282563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419464)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/raw/refs/heads/main/sentil.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419464/; classtype:trojan-activity;sid:84282564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419460)"; flow:established,from_client; content:"GET"; http_method; content:"/zls2024/not-download/raw/refs/heads/main/discord.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419460/; classtype:trojan-activity;sid:84282560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419461)"; flow:established,from_client; content:"GET"; http_method; content:"/imaeewy/about-me/raw/refs/heads/main/installer.exe.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419461/; classtype:trojan-activity;sid:84282561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419459)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419459/; classtype:trojan-activity;sid:84282559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419455)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/raw/refs/heads/main/sgvp%20client%20users.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419455/; classtype:trojan-activity;sid:84282555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419456)"; flow:established,from_client; content:"GET"; http_method; content:"/fhebngndsg/thefunny/raw/refs/heads/main/client-built.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419456/; classtype:trojan-activity;sid:84282556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419457)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/client-built.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419457/; classtype:trojan-activity;sid:84282557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419458)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/raw/refs/heads/main/injector.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419458/; classtype:trojan-activity;sid:84282558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419453)"; flow:established,from_client; content:"GET"; http_method; content:"/bormasina/test/raw/refs/heads/main/defender64.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419453/; classtype:trojan-activity;sid:84282553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419452)"; flow:established,from_client; content:"GET"; http_method; content:"/top-executors/jjsploit/releases/download/v2.1.0/jjsploit.v2.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419452/; classtype:trojan-activity;sid:84282552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419450)"; flow:established,from_client; content:"GET"; http_method; content:"/stukit/svhoste/raw/refs/heads/main/svhoste.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419450/; classtype:trojan-activity;sid:84282550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419451)"; flow:established,from_client; content:"GET"; http_method; content:"/videoxfrx/crealstealer/raw/refs/heads/main/creal.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419451/; classtype:trojan-activity;sid:84282551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419409)"; flow:established,from_client; content:"GET"; http_method; content:"/hadesv2/windriver/master/windriver.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419409/; classtype:trojan-activity;sid:84282509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419408)"; flow:established,from_client; content:"GET"; http_method; content:"/sulfux29/customrpcc/releases/download/discord/msystem32.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419408/; classtype:trojan-activity;sid:84282508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419407)"; flow:established,from_client; content:"GET"; http_method; content:"/anshuop0001/aaaaaaa/raw/refs/heads/main/client.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419407/; classtype:trojan-activity;sid:84282507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419402)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/raw/refs/heads/main/discord2.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419402/; classtype:trojan-activity;sid:84282502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419403)"; flow:established,from_client; content:"GET"; http_method; content:"/jackedmicheal/ccenty/raw/refs/heads/main/crspoofer.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419403/; classtype:trojan-activity;sid:84282503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419405)"; flow:established,from_client; content:"GET"; http_method; content:"/orospuccocugu/aaaaaa/raw/refs/heads/main/anne.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419405/; classtype:trojan-activity;sid:84282505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419406)"; flow:established,from_client; content:"GET"; http_method; content:"/jackyz777/activebypass/raw/refs/heads/main/discord.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419406/; classtype:trojan-activity;sid:84282506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419391)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/daww/raw/refs/heads/main/loader.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419391/; classtype:trojan-activity;sid:84282491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419392)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/raw/refs/heads/main/asyncclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419392/; classtype:trojan-activity;sid:84282492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419393)"; flow:established,from_client; content:"GET"; http_method; content:"/babskai/vir-s/raw/refs/heads/main/asyncclient.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419393/; classtype:trojan-activity;sid:84282493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419394)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/raw/main/asyncclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419394/; classtype:trojan-activity;sid:84282494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419395)"; flow:established,from_client; content:"GET"; http_method; content:"/cfedss/exe/raw/refs/heads/main/solara_protect.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419395/; classtype:trojan-activity;sid:84282495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419396)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/raw/refs/heads/main/discord3.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419396/; classtype:trojan-activity;sid:84282496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419397)"; flow:established,from_client; content:"GET"; http_method; content:"/andresberejno/aaaaaaa/raw/refs/heads/main/file.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419397/; classtype:trojan-activity;sid:84282497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419398)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/raw/main/discordd.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419398/; classtype:trojan-activity;sid:84282498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419399)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/raw/refs/heads/main/discord.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419399/; classtype:trojan-activity;sid:84282499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419400)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/raw/refs/heads/main/discordd.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419400/; classtype:trojan-activity;sid:84282500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419401)"; flow:established,from_client; content:"GET"; http_method; content:"/andresberejno/aaaaaaa/refs/heads/main/file.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419401/; classtype:trojan-activity;sid:84282501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419389)"; flow:established,from_client; content:"GET"; http_method; content:"/ducminh23/ddosv1/raw/refs/heads/main/ddosziller.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419389/; classtype:trojan-activity;sid:84282489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419390)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/raw/main/discord2.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419390/; classtype:trojan-activity;sid:84282490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419386)"; flow:established,from_client; content:"GET"; http_method; content:"/peroxic/peroxic/releases/download/1/demon.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419386/; classtype:trojan-activity;sid:84282486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419385)"; flow:established,from_client; content:"GET"; http_method; content:"/woord02/nigga/raw/refs/heads/main/majesticexec.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419385/; classtype:trojan-activity;sid:84282485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419384)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/raw/refs/heads/main/program-loader.bin"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419384/; classtype:trojan-activity;sid:84282484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419383)"; flow:established,from_client; content:"GET"; http_method; content:"/zefordk/ikeya/raw/refs/heads/main/shellcodeany.bin"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419383/; classtype:trojan-activity;sid:84282483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419381)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/shellcodeany.bin"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419381/; classtype:trojan-activity;sid:84282481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419382)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/raw/refs/heads/main/uesr-loader.bin"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419382/; classtype:trojan-activity;sid:84282482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419380)"; flow:established,from_client; content:"GET"; http_method; content:"/thanhtung19944/ok-/refs/heads/main/thunn.bin"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419380/; classtype:trojan-activity;sid:84282480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419373)"; flow:established,from_client; content:"GET"; http_method; content:"/thanhtung19944/ok-/raw/refs/heads/main/thunn.bin"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419373/; classtype:trojan-activity;sid:84282473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419374)"; flow:established,from_client; content:"GET"; http_method; content:"/thanhtung19944/ok-/raw/refs/heads/main/outping.bin"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419374/; classtype:trojan-activity;sid:84282474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419375)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/101.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419375/; classtype:trojan-activity;sid:84282475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419376)"; flow:established,from_client; content:"GET"; http_method; content:"/razidvb/myfiles/raw/refs/heads/main/loader.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419376/; classtype:trojan-activity;sid:84282476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419377)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/play.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419377/; classtype:trojan-activity;sid:84282477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419378)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/mera.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419378/; classtype:trojan-activity;sid:84282478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419379)"; flow:established,from_client; content:"GET"; http_method; content:"/stezxyz/svchost.exe/raw/refs/heads/main/xclient.bin"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419379/; classtype:trojan-activity;sid:84282479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419362)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/2.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419362/; classtype:trojan-activity;sid:84282462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419363)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/bao.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419363/; classtype:trojan-activity;sid:84282463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419364)"; flow:established,from_client; content:"GET"; http_method; content:"/showqa/xt/raw/refs/heads/main/shellcodeany.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419364/; classtype:trojan-activity;sid:84282464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419365)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/refs/heads/main/101.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419365/; classtype:trojan-activity;sid:84282465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419366)"; flow:established,from_client; content:"GET"; http_method; content:"/thanhtung19944/ok-/raw/refs/heads/main/need.bin"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419366/; classtype:trojan-activity;sid:84282466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419367)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/cool.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419367/; classtype:trojan-activity;sid:84282467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419368)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17793058/lg246dre.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419368/; classtype:trojan-activity;sid:84282468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419369)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/thong.bin"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419369/; classtype:trojan-activity;sid:84282469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419370)"; flow:established,from_client; content:"GET"; http_method; content:"/denispazin/uploads/raw/refs/heads/main/1735500131.bin"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419370/; classtype:trojan-activity;sid:84282470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419371)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/3.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419371/; classtype:trojan-activity;sid:84282471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419372)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/1.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419372/; classtype:trojan-activity;sid:84282472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419346)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"111.231.144.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419346/; classtype:trojan-activity;sid:84282446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419348)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.234.38.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419348/; classtype:trojan-activity;sid:84282448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419349)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.204.56.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419349/; classtype:trojan-activity;sid:84282449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419350)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"142.171.32.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419350/; classtype:trojan-activity;sid:84282450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419352)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.83.218.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419352/; classtype:trojan-activity;sid:84282452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419353)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.43.227.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419353/; classtype:trojan-activity;sid:84282453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419355)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.43.227.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419355/; classtype:trojan-activity;sid:84282455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419336)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.113.217.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419336/; classtype:trojan-activity;sid:84282436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419337)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.46.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419337/; classtype:trojan-activity;sid:84282437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419338)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.136.159.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419338/; classtype:trojan-activity;sid:84282438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419339)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"42.192.195.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419339/; classtype:trojan-activity;sid:84282439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419178)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.191.121.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419178/; classtype:trojan-activity;sid:84282278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419180)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"116.110.185.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419180/; classtype:trojan-activity;sid:84282280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419177)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.23.227.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419177/; classtype:trojan-activity;sid:84282277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.231.117.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3419146/; classtype:trojan-activity;sid:84282246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"144.48.171.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3419140/; classtype:trojan-activity;sid:84282240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.160.223.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3419142/; classtype:trojan-activity;sid:84282242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.182.16.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3419143/; classtype:trojan-activity;sid:84282243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419113)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"158.62.198.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3419113/; classtype:trojan-activity;sid:84282213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419094)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"158.62.198.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3419094/; classtype:trojan-activity;sid:84282194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419095)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"158.62.198.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3419095/; classtype:trojan-activity;sid:84282195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419078)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"158.62.198.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3419078/; classtype:trojan-activity;sid:84282178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419079)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"158.62.198.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3419079/; classtype:trojan-activity;sid:84282179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419060)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"158.62.198.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3419060/; classtype:trojan-activity;sid:84282160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419068)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"158.62.198.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3419068/; classtype:trojan-activity;sid:84282168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419069)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"158.62.198.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3419069/; classtype:trojan-activity;sid:84282169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419075)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"158.62.198.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3419075/; classtype:trojan-activity;sid:84282175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419021)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"158.62.198.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3419021/; classtype:trojan-activity;sid:84282121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419022)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"158.62.198.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3419022/; classtype:trojan-activity;sid:84282122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419009)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"158.62.198.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3419009/; classtype:trojan-activity;sid:84282109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418798)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.236.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418798/; classtype:trojan-activity;sid:84281898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.239.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418799/; classtype:trojan-activity;sid:84281899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.235.239.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418758/; classtype:trojan-activity;sid:84281858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.63.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418754/; classtype:trojan-activity;sid:84281854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.239.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418742/; classtype:trojan-activity;sid:84281842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418732)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"14.224.174.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418732/; classtype:trojan-activity;sid:84281832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.63.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418729/; classtype:trojan-activity;sid:84281829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418697)"; flow:established,from_client; content:"GET"; http_method; content:"/js/s.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.78.147.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418697/; classtype:trojan-activity;sid:84281797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418693)"; flow:established,from_client; content:"GET"; http_method; content:"/sys.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"194.38.23.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418693/; classtype:trojan-activity;sid:84281793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418692)"; flow:established,from_client; content:"GET"; http_method; content:"/adfind.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418692/; classtype:trojan-activity;sid:84281792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418691)"; flow:established,from_client; content:"GET"; http_method; content:"/poortry.sys"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418691/; classtype:trojan-activity;sid:84281791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418683)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/hanzo.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418683/; classtype:trojan-activity;sid:84281783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418684)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/xxx.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418684/; classtype:trojan-activity;sid:84281784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418685)"; flow:established,from_client; content:"GET"; http_method; content:"/rar.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418685/; classtype:trojan-activity;sid:84281785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418686)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/blessed.ps1"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418686/; classtype:trojan-activity;sid:84281786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418687)"; flow:established,from_client; content:"GET"; http_method; content:"/file.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418687/; classtype:trojan-activity;sid:84281787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418688)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/code.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418688/; classtype:trojan-activity;sid:84281788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418689)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/pappy.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418689/; classtype:trojan-activity;sid:84281789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418690)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418690/; classtype:trojan-activity;sid:84281790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418678)"; flow:established,from_client; content:"GET"; http_method; content:"/bugs.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418678/; classtype:trojan-activity;sid:84281778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418679)"; flow:established,from_client; content:"GET"; http_method; content:"/key.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418679/; classtype:trojan-activity;sid:84281779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418680)"; flow:established,from_client; content:"GET"; http_method; content:"/transfer2.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418680/; classtype:trojan-activity;sid:84281780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418681)"; flow:established,from_client; content:"GET"; http_method; content:"/formulaedc.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418681/; classtype:trojan-activity;sid:84281781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418682)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/test.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.120.120.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418682/; classtype:trojan-activity;sid:84281782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418669)"; flow:established,from_client; content:"GET"; http_method; content:"/trial.elf"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418669/; classtype:trojan-activity;sid:84281769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418670)"; flow:established,from_client; content:"GET"; http_method; content:"/transfer3.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418670/; classtype:trojan-activity;sid:84281770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418672)"; flow:established,from_client; content:"GET"; http_method; content:"/mimikatz.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418672/; classtype:trojan-activity;sid:84281772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.12.116"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418649/; classtype:trojan-activity;sid:84281749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.236.160.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418626/; classtype:trojan-activity;sid:84281726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418588)"; flow:established,from_client; content:"GET"; http_method; content:"/app/mps2.0.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"app-antiriciclaggio-mps.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418588/; classtype:trojan-activity;sid:84281688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418549)"; flow:established,from_client; content:"GET"; http_method; content:"/chrome/install/chrome.apk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"chromeupd-mo.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418549/; classtype:trojan-activity;sid:84281649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418544)"; flow:established,from_client; content:"GET"; http_method; content:"/avastavv.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"nationwideavast.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418544/; classtype:trojan-activity;sid:84281644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418541)"; flow:established,from_client; content:"GET"; http_method; content:"/avastavv.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"nationwideavast.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418541/; classtype:trojan-activity;sid:84281641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418542)"; flow:established,from_client; content:"GET"; http_method; content:"/avastavv.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"commavast.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418542/; classtype:trojan-activity;sid:84281642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418543)"; flow:established,from_client; content:"GET"; http_method; content:"/avastavv.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"commavast.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418543/; classtype:trojan-activity;sid:84281643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.105.199.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418477/; classtype:trojan-activity;sid:84281577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.19.136"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418451/; classtype:trojan-activity;sid:84281551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.19.136"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418439/; classtype:trojan-activity;sid:84281539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.255.83.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418296/; classtype:trojan-activity;sid:84281396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.105.199.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418283/; classtype:trojan-activity;sid:84281383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418042)"; flow:established,from_client; content:"GET"; http_method; content:"/cab/launcherloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.newkey.co.kr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418042/; classtype:trojan-activity;sid:84281142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.32.249.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417858/; classtype:trojan-activity;sid:84280958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.119.175.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417859/; classtype:trojan-activity;sid:84280959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.141.166.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417860/; classtype:trojan-activity;sid:84280960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417827)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"183.171.5.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417827/; classtype:trojan-activity;sid:84280927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417486)"; flow:established,from_client; content:"GET"; http_method; content:"/7zr.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417486/; classtype:trojan-activity;sid:84280586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417485)"; flow:established,from_client; content:"GET"; http_method; content:"/z.zip"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417485/; classtype:trojan-activity;sid:84280585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417483)"; flow:established,from_client; content:"GET"; http_method; content:"/tpm2emu.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417483/; classtype:trojan-activity;sid:84280583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417484)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/mearpck.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417484/; classtype:trojan-activity;sid:84280584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"8.28.106.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417425/; classtype:trojan-activity;sid:84280525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"8.28.106.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417396/; classtype:trojan-activity;sid:84280496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417372)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417372/; classtype:trojan-activity;sid:84280472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417373)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417373/; classtype:trojan-activity;sid:84280473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417374)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417374/; classtype:trojan-activity;sid:84280474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417351)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.141.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417351/; classtype:trojan-activity;sid:84280451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417350)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417350/; classtype:trojan-activity;sid:84280450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417342)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.123.46.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417342/; classtype:trojan-activity;sid:84280442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417343)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417343/; classtype:trojan-activity;sid:84280443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417344)"; flow:established,from_client; content:"GET"; http_method; content:"/arm61"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"209.141.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417344/; classtype:trojan-activity;sid:84280444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417345)"; flow:established,from_client; content:"GET"; http_method; content:"/586"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417345/; classtype:trojan-activity;sid:84280445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417346)"; flow:established,from_client; content:"GET"; http_method; content:"/co"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"209.141.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417346/; classtype:trojan-activity;sid:84280446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417347)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417347/; classtype:trojan-activity;sid:84280447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417348)"; flow:established,from_client; content:"GET"; http_method; content:"/dss"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417348/; classtype:trojan-activity;sid:84280448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417203)"; flow:established,from_client; content:"GET"; http_method; content:"/peroxic/peroxic/releases/download/1/demon.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417203/; classtype:trojan-activity;sid:84280303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417195)"; flow:established,from_client; content:"GET"; http_method; content:"/madamwebxxxxxxxxxxxxxxxxxxxxxxxxxxx897675645687980.txt"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"192.3.95.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417195/; classtype:trojan-activity;sid:84280295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417201)"; flow:established,from_client; content:"GET"; http_method; content:"/siscorppppxxxxxxxxxxxxxxxxxxxxxxxx433.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"192.3.95.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417201/; classtype:trojan-activity;sid:84280301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417175)"; flow:established,from_client; content:"GET"; http_method; content:"/networkrip.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.135.194.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417175/; classtype:trojan-activity;sid:84280275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417176)"; flow:established,from_client; content:"GET"; http_method; content:"/networkrip.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.135.194.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417176/; classtype:trojan-activity;sid:84280276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417177)"; flow:established,from_client; content:"GET"; http_method; content:"/networkrip.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.135.194.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417177/; classtype:trojan-activity;sid:84280277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417178)"; flow:established,from_client; content:"GET"; http_method; content:"/networkrip.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.135.194.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417178/; classtype:trojan-activity;sid:84280278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417179)"; flow:established,from_client; content:"GET"; http_method; content:"/networkrip.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.135.194.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417179/; classtype:trojan-activity;sid:84280279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417180)"; flow:established,from_client; content:"GET"; http_method; content:"/networkrip.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.135.194.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417180/; classtype:trojan-activity;sid:84280280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417181)"; flow:established,from_client; content:"GET"; http_method; content:"/networkrip.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.135.194.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417181/; classtype:trojan-activity;sid:84280281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417182)"; flow:established,from_client; content:"GET"; http_method; content:"/networkrip.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.135.194.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417182/; classtype:trojan-activity;sid:84280282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417183)"; flow:established,from_client; content:"GET"; http_method; content:"/networkrip.armv7l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.135.194.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417183/; classtype:trojan-activity;sid:84280283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417184)"; flow:established,from_client; content:"GET"; http_method; content:"/networkrip.sparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.135.194.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417184/; classtype:trojan-activity;sid:84280284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417185)"; flow:established,from_client; content:"GET"; http_method; content:"/appserv/!help_sos.hta"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.29.95.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417185/; classtype:trojan-activity;sid:84280285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417095)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1t9mwfr1azhmksosp19tomch5dyi3hb2n"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417095/; classtype:trojan-activity;sid:84280195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417085)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417085/; classtype:trojan-activity;sid:84280185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.61.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3416758/; classtype:trojan-activity;sid:84279858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.48.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3416733/; classtype:trojan-activity;sid:84279833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416671/; classtype:trojan-activity;sid:84279771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416673/; classtype:trojan-activity;sid:84279773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416674/; classtype:trojan-activity;sid:84279774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.187.31.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416676/; classtype:trojan-activity;sid:84279776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416610)"; flow:established,from_client; content:"GET"; http_method; content:"/yeryisbetter/not-download/refs/heads/main/discord.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416610/; classtype:trojan-activity;sid:84279710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416611)"; flow:established,from_client; content:"GET"; http_method; content:"/imperiska/lekers/raw/refs/heads/main/noyjhoadw.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416611/; classtype:trojan-activity;sid:84279711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416590)"; flow:established,from_client; content:"GET"; http_method; content:"/phpmyadmin/themes/original/!help_sos.hta"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"202.29.95.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416590/; classtype:trojan-activity;sid:84279690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416579)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/njdmami.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416579/; classtype:trojan-activity;sid:84279679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416582)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/ksddssp.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416582/; classtype:trojan-activity;sid:84279682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416441)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.134.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416441/; classtype:trojan-activity;sid:84279541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.109.205.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416278/; classtype:trojan-activity;sid:84279378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.109.205.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416249/; classtype:trojan-activity;sid:84279349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416218)"; flow:established,from_client; content:"GET"; http_method; content:"/c.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.113.115.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416218/; classtype:trojan-activity;sid:84279318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416216)"; flow:established,from_client; content:"GET"; http_method; content:"/a.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.113.115.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416216/; classtype:trojan-activity;sid:84279316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416217)"; flow:established,from_client; content:"GET"; http_method; content:"/b.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.113.115.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416217/; classtype:trojan-activity;sid:84279317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.61.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416146/; classtype:trojan-activity;sid:84279246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.29.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3415882/; classtype:trojan-activity;sid:84278982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415870)"; flow:established,from_client; content:"GET"; http_method; content:"/qwpqetv/1.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jade-associates.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3415870/; classtype:trojan-activity;sid:84278970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.87.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3415574/; classtype:trojan-activity;sid:84278674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.96.142.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415455/; classtype:trojan-activity;sid:84278555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415369)"; flow:established,from_client; content:"GET"; http_method; content:"/lovform.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"191.96.207.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415369/; classtype:trojan-activity;sid:84278469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415366)"; flow:established,from_client; content:"GET"; http_method; content:"/rodham.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"191.96.207.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415366/; classtype:trojan-activity;sid:84278466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415367)"; flow:established,from_client; content:"GET"; http_method; content:"/sociableness.wsf"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"191.96.207.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415367/; classtype:trojan-activity;sid:84278467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415335)"; flow:established,from_client; content:"GET"; http_method; content:"/dhdhdhdhdhdhdjejemndbcbdsjckdolrrdpalsngdudjdhxudu4658w9qi686"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"bv.dopt.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415335/; classtype:trojan-activity;sid:84278435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415336)"; flow:established,from_client; content:"GET"; http_method; content:"/dhjdjdnfnfhhfkdkdmdnchxksjshdfhcyjdjdhdhdhrhrhrnr848473839arm4"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"bv.dopt.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415336/; classtype:trojan-activity;sid:84278436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415337)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bv.dopt.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415337/; classtype:trojan-activity;sid:84278437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415338)"; flow:established,from_client; content:"GET"; http_method; content:"/coenceicje9d84rncntdysiwiwihehrurificdddfdffffarm4t"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"bv.dopt.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415338/; classtype:trojan-activity;sid:84278438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415342)"; flow:established,from_client; content:"GET"; http_method; content:"/0ekndbcjskaspc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bv.dopt.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415342/; classtype:trojan-activity;sid:84278442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415343)"; flow:established,from_client; content:"GET"; http_method; content:"/avasaekekejeoeodmxkkkmpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"bv.dopt.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415343/; classtype:trojan-activity;sid:84278443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415346)"; flow:established,from_client; content:"GET"; http_method; content:"/0394849djndndndndnnppc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"bv.dopt.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415346/; classtype:trojan-activity;sid:84278446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415347)"; flow:established,from_client; content:"GET"; http_method; content:"/sshsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bv.dopt.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415347/; classtype:trojan-activity;sid:84278447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415348)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bv.dopt.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415348/; classtype:trojan-activity;sid:84278448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415322)"; flow:established,from_client; content:"GET"; http_method; content:"/0000099994rhfnfcjeuejifirririirdddmxxhhxuajakajshfuejeudychdis73uwhsys8q992arm6"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"77.90.7.228"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415322/; classtype:trojan-activity;sid:84278422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415324)"; flow:established,from_client; content:"GET"; http_method; content:"/sshsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.90.7.228"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415324/; classtype:trojan-activity;sid:84278424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415327)"; flow:established,from_client; content:"GET"; http_method; content:"/coenceicje9d84rncntdysiwiwihehrurificdddfdffffarm4t"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"77.90.7.228"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415327/; classtype:trojan-activity;sid:84278427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415328)"; flow:established,from_client; content:"GET"; http_method; content:"/dhdhdhdhdhdhdjejemndbcbdsjckdolrrdpalsngdudjdhxudu4658w9qi686"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"77.90.7.228"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415328/; classtype:trojan-activity;sid:84278428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415329)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.90.7.228"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415329/; classtype:trojan-activity;sid:84278429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415332)"; flow:established,from_client; content:"GET"; http_method; content:"/0ekndbcjskaspc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"77.90.7.228"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415332/; classtype:trojan-activity;sid:84278432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415333)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"77.90.7.228"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415333/; classtype:trojan-activity;sid:84278433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415308/; classtype:trojan-activity;sid:84278408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415294)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"116.103.173.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415294/; classtype:trojan-activity;sid:84278394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415238)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique1/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415238/; classtype:trojan-activity;sid:84278338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415209)"; flow:established,from_client; content:"GET"; http_method; content:"/loginanticheat.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415209/; classtype:trojan-activity;sid:84278309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415208)"; flow:established,from_client; content:"GET"; http_method; content:"/newgmex.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415208/; classtype:trojan-activity;sid:84278308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415207)"; flow:established,from_client; content:"GET"; http_method; content:"/loginanticheat4.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415207/; classtype:trojan-activity;sid:84278307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415206)"; flow:established,from_client; content:"GET"; http_method; content:"/gmex.dll"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415206/; classtype:trojan-activity;sid:84278306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415189)"; flow:established,from_client; content:"GET"; http_method; content:"/winring0x64.sys"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415189/; classtype:trojan-activity;sid:84278289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.64.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415070/; classtype:trojan-activity;sid:84278170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.29.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415046/; classtype:trojan-activity;sid:84278146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.64.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415044/; classtype:trojan-activity;sid:84278144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415031)"; flow:established,from_client; content:"GET"; http_method; content:"/js/4577.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"130.162.152.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415031/; classtype:trojan-activity;sid:84278131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415026)"; flow:established,from_client; content:"GET"; http_method; content:"/js/s.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"130.162.152.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415026/; classtype:trojan-activity;sid:84278126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415025)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mq.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.162.152.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415025/; classtype:trojan-activity;sid:84278125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415006)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415006/; classtype:trojan-activity;sid:84278106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415005)"; flow:established,from_client; content:"GET"; http_method; content:"/lolminer.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415005/; classtype:trojan-activity;sid:84278105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415003)"; flow:established,from_client; content:"GET"; http_method; content:"/conhost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415003/; classtype:trojan-activity;sid:84278103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414992)"; flow:established,from_client; content:"GET"; http_method; content:"/keybinder/download/dll/sampcac-loader.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"staatsgewalt.jameschans.de"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3414992/; classtype:trojan-activity;sid:84278092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414980)"; flow:established,from_client; content:"GET"; http_method; content:"/abc/15.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"121.127.231.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3414980/; classtype:trojan-activity;sid:84278080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414836)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.63.187.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3414836/; classtype:trojan-activity;sid:84277936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414837)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.63.187.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3414837/; classtype:trojan-activity;sid:84277937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414839)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.63.187.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3414839/; classtype:trojan-activity;sid:84277939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414840)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.63.187.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3414840/; classtype:trojan-activity;sid:84277940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.63.187.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3414841/; classtype:trojan-activity;sid:84277941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.149.38.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3414796/; classtype:trojan-activity;sid:84277896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414738)"; flow:established,from_client; content:"GET"; http_method; content:"/b.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.113.115.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3414738/; classtype:trojan-activity;sid:84277838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414736)"; flow:established,from_client; content:"GET"; http_method; content:"/a.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.113.115.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3414736/; classtype:trojan-activity;sid:84277836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.126.138.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3414681/; classtype:trojan-activity;sid:84277781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414357)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.166.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3414357/; classtype:trojan-activity;sid:84277457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414288)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.32.41.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414288/; classtype:trojan-activity;sid:84277388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414289)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"89.32.41.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414289/; classtype:trojan-activity;sid:84277389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414290)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.32.41.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414290/; classtype:trojan-activity;sid:84277390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414291)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.32.41.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414291/; classtype:trojan-activity;sid:84277391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414292)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.32.41.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414292/; classtype:trojan-activity;sid:84277392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414293)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.32.41.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414293/; classtype:trojan-activity;sid:84277393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414295)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.32.41.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414295/; classtype:trojan-activity;sid:84277395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.225.231.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414209/; classtype:trojan-activity;sid:84277309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414065)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"171.246.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414065/; classtype:trojan-activity;sid:84277165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.204.218.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414039/; classtype:trojan-activity;sid:84277139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.209.236.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414035/; classtype:trojan-activity;sid:84277135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.96.142.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414033/; classtype:trojan-activity;sid:84277133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.45.73.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414029/; classtype:trojan-activity;sid:84277129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414022)"; flow:established,from_client; content:"GET"; http_method; content:"/fuck.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.200.78.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414022/; classtype:trojan-activity;sid:84277122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414021)"; flow:established,from_client; content:"GET"; http_method; content:"/fuck.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.200.78.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414021/; classtype:trojan-activity;sid:84277121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414009)"; flow:established,from_client; content:"GET"; http_method; content:"/fuck.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.200.78.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414009/; classtype:trojan-activity;sid:84277109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414010)"; flow:established,from_client; content:"GET"; http_method; content:"/fuck.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.200.78.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414010/; classtype:trojan-activity;sid:84277110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414011)"; flow:established,from_client; content:"GET"; http_method; content:"/fuck.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.200.78.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414011/; classtype:trojan-activity;sid:84277111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414012)"; flow:established,from_client; content:"GET"; http_method; content:"/fuck.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.200.78.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414012/; classtype:trojan-activity;sid:84277112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414013)"; flow:established,from_client; content:"GET"; http_method; content:"/fuck.i586"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.200.78.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414013/; classtype:trojan-activity;sid:84277113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414014)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.200.78.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414014/; classtype:trojan-activity;sid:84277114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414015)"; flow:established,from_client; content:"GET"; http_method; content:"/fuck.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.200.78.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414015/; classtype:trojan-activity;sid:84277115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414016)"; flow:established,from_client; content:"GET"; http_method; content:"/fuck.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.200.78.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414016/; classtype:trojan-activity;sid:84277116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414017)"; flow:established,from_client; content:"GET"; http_method; content:"/fuck.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.200.78.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414017/; classtype:trojan-activity;sid:84277117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414018)"; flow:established,from_client; content:"GET"; http_method; content:"/fuck.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.200.78.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414018/; classtype:trojan-activity;sid:84277118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414019)"; flow:established,from_client; content:"GET"; http_method; content:"/fuck.sparc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.200.78.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414019/; classtype:trojan-activity;sid:84277119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414020)"; flow:established,from_client; content:"GET"; http_method; content:"/fuck.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.200.78.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414020/; classtype:trojan-activity;sid:84277120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3413964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.45.73.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3413964/; classtype:trojan-activity;sid:84277064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3413962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.225.231.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3413962/; classtype:trojan-activity;sid:84277062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3413919)"; flow:established,from_client; content:"GET"; http_method; content:"/update.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.208.159.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3413919/; classtype:trojan-activity;sid:84277019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3413905)"; flow:established,from_client; content:"GET"; http_method; content:"/test.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.208.159.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3413905/; classtype:trojan-activity;sid:84277005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3413840)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.64.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3413840/; classtype:trojan-activity;sid:84276940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3413675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.105.59.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3413675/; classtype:trojan-activity;sid:84276775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3413592)"; flow:established,from_client; content:"GET"; http_method; content:"/sex.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.102.104.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3413592/; classtype:trojan-activity;sid:84276692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3413488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.225.231.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3413488/; classtype:trojan-activity;sid:84276588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3413229)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.35.179.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3413229/; classtype:trojan-activity;sid:84276329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3413207)"; flow:established,from_client; content:"GET"; http_method; content:"/matrix2077v2/dsiasif/refs/heads/main/main_mpsl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3413207/; classtype:trojan-activity;sid:84276307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3413056)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.237.155.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3413056/; classtype:trojan-activity;sid:84276156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3413041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.115.174.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3413041/; classtype:trojan-activity;sid:84276141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3413014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.115.174.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3413014/; classtype:trojan-activity;sid:84276114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.206.216.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412918/; classtype:trojan-activity;sid:84276018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412921/; classtype:trojan-activity;sid:84276021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412893)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.126.132.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412893/; classtype:trojan-activity;sid:84275993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412810)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"190.123.46.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412810/; classtype:trojan-activity;sid:84275910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412811)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"190.123.46.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412811/; classtype:trojan-activity;sid:84275911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412812)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.123.46.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412812/; classtype:trojan-activity;sid:84275912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412813)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.123.46.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412813/; classtype:trojan-activity;sid:84275913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412814)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.123.46.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412814/; classtype:trojan-activity;sid:84275914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412815)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"190.123.46.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412815/; classtype:trojan-activity;sid:84275915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412816)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"190.123.46.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412816/; classtype:trojan-activity;sid:84275916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412817)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.123.46.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412817/; classtype:trojan-activity;sid:84275917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412818)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.123.46.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412818/; classtype:trojan-activity;sid:84275918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412819)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"190.123.46.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412819/; classtype:trojan-activity;sid:84275919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412679)"; flow:established,from_client; content:"GET"; http_method; content:"/c/kt4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.221.97.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412679/; classtype:trojan-activity;sid:84275779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412678)"; flow:established,from_client; content:"GET"; http_method; content:"/c/kt10"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.221.97.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412678/; classtype:trojan-activity;sid:84275778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412676)"; flow:established,from_client; content:"GET"; http_method; content:"/c/kt2"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.221.97.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412676/; classtype:trojan-activity;sid:84275776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412669)"; flow:established,from_client; content:"GET"; http_method; content:"/c/kt8"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.221.97.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412669/; classtype:trojan-activity;sid:84275769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412670)"; flow:established,from_client; content:"GET"; http_method; content:"/c/kt3"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.221.97.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412670/; classtype:trojan-activity;sid:84275770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412671)"; flow:established,from_client; content:"GET"; http_method; content:"/c/kt12"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.221.97.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412671/; classtype:trojan-activity;sid:84275771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412672)"; flow:established,from_client; content:"GET"; http_method; content:"/c/kt6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.221.97.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412672/; classtype:trojan-activity;sid:84275772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412673)"; flow:established,from_client; content:"GET"; http_method; content:"/c/kt7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.221.97.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412673/; classtype:trojan-activity;sid:84275773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412674)"; flow:established,from_client; content:"GET"; http_method; content:"/c/kt5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.221.97.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412674/; classtype:trojan-activity;sid:84275774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412675)"; flow:established,from_client; content:"GET"; http_method; content:"/c/kt1"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.221.97.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412675/; classtype:trojan-activity;sid:84275775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412652)"; flow:established,from_client; content:"GET"; http_method; content:"/drivespan.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"107.172.201.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412652/; classtype:trojan-activity;sid:84275752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412653)"; flow:established,from_client; content:"GET"; http_method; content:"/python312-32.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"107.172.201.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412653/; classtype:trojan-activity;sid:84275753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.249.52.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412639/; classtype:trojan-activity;sid:84275739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.87.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412560/; classtype:trojan-activity;sid:84275660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412481)"; flow:established,from_client; content:"GET"; http_method; content:"/imperiska/lekers/raw/refs/heads/main/noyjhoadw.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412481/; classtype:trojan-activity;sid:84275581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412406)"; flow:established,from_client; content:"GET"; http_method; content:"/c/h.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.221.97.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412406/; classtype:trojan-activity;sid:84275506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412252)"; flow:established,from_client; content:"GET"; http_method; content:"/monkeyrizz/apiupdater/refs/heads/main/apiupdater.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412252/; classtype:trojan-activity;sid:84275352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412247)"; flow:established,from_client; content:"GET"; http_method; content:"/benitocamelas2025/datos/refs/heads/main/conexionvb.txt"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412247/; classtype:trojan-activity;sid:84275347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412238)"; flow:established,from_client; content:"GET"; http_method; content:"/oraples/klick/master/windows.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412238/; classtype:trojan-activity;sid:84275338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412225)"; flow:established,from_client; content:"GET"; http_method; content:"/madamwebbbbbxxxxxxxx.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"192.3.95.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412225/; classtype:trojan-activity;sid:84275325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412120)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.92.254.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412120/; classtype:trojan-activity;sid:84275220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.215.5.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412076/; classtype:trojan-activity;sid:84275176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.215.5.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412058/; classtype:trojan-activity;sid:84275158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411900)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.102.166.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411900/; classtype:trojan-activity;sid:84275000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411896)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"101.168.63.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411896/; classtype:trojan-activity;sid:84274996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411892)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.233.131.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411892/; classtype:trojan-activity;sid:84274992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411886)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"115.79.187.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411886/; classtype:trojan-activity;sid:84274986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411880)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.197.228.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411880/; classtype:trojan-activity;sid:84274980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.142.68.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411869/; classtype:trojan-activity;sid:84274969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.254.23.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411864/; classtype:trojan-activity;sid:84274964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.160.216.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411853/; classtype:trojan-activity;sid:84274953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.0.249.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411856/; classtype:trojan-activity;sid:84274956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.11.94.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411857/; classtype:trojan-activity;sid:84274957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.125.180.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411860/; classtype:trojan-activity;sid:84274960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.49.65.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411850/; classtype:trojan-activity;sid:84274950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411658)"; flow:established,from_client; content:"GET"; http_method; content:"/abc/36.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"121.127.231.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411658/; classtype:trojan-activity;sid:84274758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411647)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.114.81.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411647/; classtype:trojan-activity;sid:84274747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411643)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.114.81.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411643/; classtype:trojan-activity;sid:84274743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411642)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.112.97.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411642/; classtype:trojan-activity;sid:84274742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411641)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.112.97.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411641/; classtype:trojan-activity;sid:84274741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411640)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.114.81.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411640/; classtype:trojan-activity;sid:84274740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411639)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.114.81.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411639/; classtype:trojan-activity;sid:84274739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411638)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.112.97.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411638/; classtype:trojan-activity;sid:84274738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411622)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.112.97.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411622/; classtype:trojan-activity;sid:84274722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411625)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.112.97.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411625/; classtype:trojan-activity;sid:84274725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411627)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.112.97.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411627/; classtype:trojan-activity;sid:84274727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411616)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.114.81.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411616/; classtype:trojan-activity;sid:84274716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411618)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.114.81.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411618/; classtype:trojan-activity;sid:84274718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411588)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.128.233.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411588/; classtype:trojan-activity;sid:84274688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411589)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.128.233.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411589/; classtype:trojan-activity;sid:84274689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411590)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.128.233.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411590/; classtype:trojan-activity;sid:84274690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411591)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.128.233.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411591/; classtype:trojan-activity;sid:84274691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411592)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.128.233.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411592/; classtype:trojan-activity;sid:84274692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411593)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.128.233.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411593/; classtype:trojan-activity;sid:84274693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411594)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.128.233.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411594/; classtype:trojan-activity;sid:84274694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411595)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.128.233.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411595/; classtype:trojan-activity;sid:84274695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411596)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.128.233.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411596/; classtype:trojan-activity;sid:84274696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411597)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.128.233.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411597/; classtype:trojan-activity;sid:84274697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411587)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.128.233.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411587/; classtype:trojan-activity;sid:84274687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410877)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/refs/heads/main/bao.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410877/; classtype:trojan-activity;sid:84273977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410868)"; flow:established,from_client; content:"GET"; http_method; content:"/helps/helphelp1207/helps.hta"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"tests.yjzj.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410868/; classtype:trojan-activity;sid:84273968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410864)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatethicalhacking/fud/blob/master/access.exe|3f|raw=true"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410864/; classtype:trojan-activity;sid:84273964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410865)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatethicalhacking/fud/raw/refs/heads/master/access.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410865/; classtype:trojan-activity;sid:84273965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410866)"; flow:established,from_client; content:"GET"; http_method; content:"/abjay231/knack/main/e.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410866/; classtype:trojan-activity;sid:84273966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410718)"; flow:established,from_client; content:"GET"; http_method; content:"/cos"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ah-scanning.oss-cn-hongkong.aliyuncs.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410718/; classtype:trojan-activity;sid:84273818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410398)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"83.229.122.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410398/; classtype:trojan-activity;sid:84273498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410399)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.156.0.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410399/; classtype:trojan-activity;sid:84273499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410404)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.71.164.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410404/; classtype:trojan-activity;sid:84273504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410406)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.71.164.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410406/; classtype:trojan-activity;sid:84273506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410381)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"115.79.187.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410381/; classtype:trojan-activity;sid:84273481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410382)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.176.252.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410382/; classtype:trojan-activity;sid:84273482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410375)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.11.36.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410375/; classtype:trojan-activity;sid:84273475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"208.131.166.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410365/; classtype:trojan-activity;sid:84273465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.79.237.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410353/; classtype:trojan-activity;sid:84273453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.54.162.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410357/; classtype:trojan-activity;sid:84273457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.84.3.30"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410348/; classtype:trojan-activity;sid:84273448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.101.88.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410351/; classtype:trojan-activity;sid:84273451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410338)"; flow:established,from_client; content:"GET"; http_method; content:"/sammenligningsoperatorernes.wsf"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"191.96.207.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410338/; classtype:trojan-activity;sid:84273438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410339)"; flow:established,from_client; content:"GET"; http_method; content:"/fuldautomatiseres.vbs"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"191.96.207.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410339/; classtype:trojan-activity;sid:84273439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.170.103.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410098/; classtype:trojan-activity;sid:84273198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410089)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"193.200.78.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410089/; classtype:trojan-activity;sid:84273189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409937)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/uqwodquojqoqdo.x86"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"107.172.51.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409937/; classtype:trojan-activity;sid:84273037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409938)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/uqwodquojqoqdo.arm"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"107.172.51.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409938/; classtype:trojan-activity;sid:84273038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409933)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/uqwodquojqoqdo.ppc"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"107.172.51.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409933/; classtype:trojan-activity;sid:84273033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409934)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/uqwodquojqoqdo.mips"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"107.172.51.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409934/; classtype:trojan-activity;sid:84273034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409935)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/uqwodquojqoqdo.arc"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"107.172.51.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409935/; classtype:trojan-activity;sid:84273035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409936)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/uqwodquojqoqdo.arm5"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"107.172.51.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409936/; classtype:trojan-activity;sid:84273036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409932)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/uqwodquojqoqdo.sh4"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"107.172.51.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409932/; classtype:trojan-activity;sid:84273032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409928)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/uqwodquojqoqdo.m68k"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"107.172.51.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409928/; classtype:trojan-activity;sid:84273028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409929)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/uqwodquojqoqdo.arm6"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"107.172.51.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409929/; classtype:trojan-activity;sid:84273029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409930)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/uqwodquojqoqdo.mpsl"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"107.172.51.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409930/; classtype:trojan-activity;sid:84273030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409931)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/uqwodquojqoqdo.spc"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"107.172.51.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409931/; classtype:trojan-activity;sid:84273031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409925)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.172.51.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409925/; classtype:trojan-activity;sid:84273025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409926)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.172.51.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409926/; classtype:trojan-activity;sid:84273026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409840)"; flow:established,from_client; content:"GET"; http_method; content:"/game-6d/565/main/99999.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409840/; classtype:trojan-activity;sid:84272940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409842)"; flow:established,from_client; content:"GET"; http_method; content:"/neari44/fash/main/22.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409842/; classtype:trojan-activity;sid:84272942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409843)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"140.238.122.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409843/; classtype:trojan-activity;sid:84272943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409844)"; flow:established,from_client; content:"GET"; http_method; content:"/mpy66/nix/refs/heads/main/discordupdate.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409844/; classtype:trojan-activity;sid:84272944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409837)"; flow:established,from_client; content:"GET"; http_method; content:"/splash2520/splash/refs/heads/main/network.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409837/; classtype:trojan-activity;sid:84272937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409838)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatethicalhacking/fud/refs/heads/master/access.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409838/; classtype:trojan-activity;sid:84272938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409839)"; flow:established,from_client; content:"GET"; http_method; content:"/ashrx/new/main/rea.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409839/; classtype:trojan-activity;sid:84272939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409831)"; flow:established,from_client; content:"GET"; http_method; content:"/mpy66/nix/raw/refs/heads/main/discordupdate.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409831/; classtype:trojan-activity;sid:84272931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409832)"; flow:established,from_client; content:"GET"; http_method; content:"/rem.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"glennmedina.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409832/; classtype:trojan-activity;sid:84272932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409825)"; flow:established,from_client; content:"GET"; http_method; content:"/sulfux29/customrpcc/releases/download/discord/msystem32.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409825/; classtype:trojan-activity;sid:84272925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409826)"; flow:established,from_client; content:"GET"; http_method; content:"/splash2520/splash/raw/refs/heads/main/network.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409826/; classtype:trojan-activity;sid:84272926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409828)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/rggkafp.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409828/; classtype:trojan-activity;sid:84272928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409813)"; flow:established,from_client; content:"GET"; http_method; content:"/sharphound.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.209.212.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409813/; classtype:trojan-activity;sid:84272913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409812)"; flow:established,from_client; content:"GET"; http_method; content:"/sharphound.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.209.212.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409812/; classtype:trojan-activity;sid:84272912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.13.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409691/; classtype:trojan-activity;sid:84272791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409585)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.63.187.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409585/; classtype:trojan-activity;sid:84272685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409582)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.200.78.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409582/; classtype:trojan-activity;sid:84272682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409461)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/uqwodquojqoqdo.arm7"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"107.172.51.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409461/; classtype:trojan-activity;sid:84272561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409437)"; flow:established,from_client; content:"GET"; http_method; content:"/test.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cryptopotato.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3409437/; classtype:trojan-activity;sid:84272537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409438)"; flow:established,from_client; content:"GET"; http_method; content:"/update"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cryptopotato.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3409438/; classtype:trojan-activity;sid:84272538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.40.61.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3409427/; classtype:trojan-activity;sid:84272527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.187.172.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3409429/; classtype:trojan-activity;sid:84272529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.185.252.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3409419/; classtype:trojan-activity;sid:84272519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.11.94.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3409421/; classtype:trojan-activity;sid:84272521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.144.211.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3409422/; classtype:trojan-activity;sid:84272522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.43.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3409416/; classtype:trojan-activity;sid:84272516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409372)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.197.228.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3409372/; classtype:trojan-activity;sid:84272472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409230)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"gemini-desktop.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3409230/; classtype:trojan-activity;sid:84272330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409187)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.200.78.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3409187/; classtype:trojan-activity;sid:84272287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408990)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"193.200.78.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408990/; classtype:trojan-activity;sid:84272090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.54.88.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408983/; classtype:trojan-activity;sid:84272083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408897)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.128.233.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408897/; classtype:trojan-activity;sid:84271997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408893)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.128.233.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408893/; classtype:trojan-activity;sid:84271993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408894)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.128.233.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408894/; classtype:trojan-activity;sid:84271994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408828)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"193.200.78.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408828/; classtype:trojan-activity;sid:84271928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408823)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.200.78.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408823/; classtype:trojan-activity;sid:84271923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408824)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"193.200.78.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408824/; classtype:trojan-activity;sid:84271924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408658)"; flow:established,from_client; content:"GET"; http_method; content:"/naarm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.121.112.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408658/; classtype:trojan-activity;sid:84271758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408672)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"192.210.229.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408672/; classtype:trojan-activity;sid:84271772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408680)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.210.229.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408680/; classtype:trojan-activity;sid:84271780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408650)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"192.210.229.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408650/; classtype:trojan-activity;sid:84271750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408652)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"192.210.229.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408652/; classtype:trojan-activity;sid:84271752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408654)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.210.229.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408654/; classtype:trojan-activity;sid:84271754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408601)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.210.229.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408601/; classtype:trojan-activity;sid:84271701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408602)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"192.210.229.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408602/; classtype:trojan-activity;sid:84271702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408603)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.210.229.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408603/; classtype:trojan-activity;sid:84271703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408604)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.210.229.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408604/; classtype:trojan-activity;sid:84271704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408573)"; flow:established,from_client; content:"GET"; http_method; content:"/game-6d/mods/main/mod.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408573/; classtype:trojan-activity;sid:84271673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408574)"; flow:established,from_client; content:"GET"; http_method; content:"/lokolohot/mods.jarr/main/server.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408574/; classtype:trojan-activity;sid:84271674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408575)"; flow:established,from_client; content:"GET"; http_method; content:"/lokolohot/mods.jar/main/server.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408575/; classtype:trojan-activity;sid:84271675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408527)"; flow:established,from_client; content:"GET"; http_method; content:"/jw.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"saveyourcinema.ca"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408527/; classtype:trojan-activity;sid:84271627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408524)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/kmafahc.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408524/; classtype:trojan-activity;sid:84271624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.13.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408522/; classtype:trojan-activity;sid:84271622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.81.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408298/; classtype:trojan-activity;sid:84271398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407492)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i586"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.112.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407492/; classtype:trojan-activity;sid:84270592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407494)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.112.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407494/; classtype:trojan-activity;sid:84270594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407495)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl-wrt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.112.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407495/; classtype:trojan-activity;sid:84270595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407477)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407477/; classtype:trojan-activity;sid:84270577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407478)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407478/; classtype:trojan-activity;sid:84270578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407479)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407479/; classtype:trojan-activity;sid:84270579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407480)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.121.112.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407480/; classtype:trojan-activity;sid:84270580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407481)"; flow:established,from_client; content:"GET"; http_method; content:"/telnet.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.112.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407481/; classtype:trojan-activity;sid:84270581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407482)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.112.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407482/; classtype:trojan-activity;sid:84270582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407483)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407483/; classtype:trojan-activity;sid:84270583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407484)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sparc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"87.121.112.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407484/; classtype:trojan-activity;sid:84270584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407485)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.112.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407485/; classtype:trojan-activity;sid:84270585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407486)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.112.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407486/; classtype:trojan-activity;sid:84270586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407487)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.121.112.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407487/; classtype:trojan-activity;sid:84270587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407488)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.112.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407488/; classtype:trojan-activity;sid:84270588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407489)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.121.112.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407489/; classtype:trojan-activity;sid:84270589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407490)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.112.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407490/; classtype:trojan-activity;sid:84270590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407491)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.121.112.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407491/; classtype:trojan-activity;sid:84270591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407476)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.112.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407476/; classtype:trojan-activity;sid:84270576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407458)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407458/; classtype:trojan-activity;sid:84270558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407459)"; flow:established,from_client; content:"GET"; http_method; content:"/u"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407459/; classtype:trojan-activity;sid:84270559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407460)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407460/; classtype:trojan-activity;sid:84270560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407461)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407461/; classtype:trojan-activity;sid:84270561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407463)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407463/; classtype:trojan-activity;sid:84270563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407453)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407453/; classtype:trojan-activity;sid:84270553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407454)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407454/; classtype:trojan-activity;sid:84270554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407455)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407455/; classtype:trojan-activity;sid:84270555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407456)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407456/; classtype:trojan-activity;sid:84270556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407450)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407450/; classtype:trojan-activity;sid:84270550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407451)"; flow:established,from_client; content:"GET"; http_method; content:"/mips64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407451/; classtype:trojan-activity;sid:84270551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407452)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407452/; classtype:trojan-activity;sid:84270552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407446)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"honeybooterz.cve-2021-36260.ru"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407446/; classtype:trojan-activity;sid:84270546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.116.144.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407403/; classtype:trojan-activity;sid:84270503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.182.253.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407388/; classtype:trojan-activity;sid:84270488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.92.228.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407389/; classtype:trojan-activity;sid:84270489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.234.166.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407392/; classtype:trojan-activity;sid:84270492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.182.50.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407393/; classtype:trojan-activity;sid:84270493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.236.250.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407398/; classtype:trojan-activity;sid:84270498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.127.117.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407399/; classtype:trojan-activity;sid:84270499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.207.4.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407401/; classtype:trojan-activity;sid:84270501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.189.196.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407379/; classtype:trojan-activity;sid:84270479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"155.4.101.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407381/; classtype:trojan-activity;sid:84270481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.44.77.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407386/; classtype:trojan-activity;sid:84270486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.220.87.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407387/; classtype:trojan-activity;sid:84270487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.167.209.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407374/; classtype:trojan-activity;sid:84270474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.204.186.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407375/; classtype:trojan-activity;sid:84270475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.12.26.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407377/; classtype:trojan-activity;sid:84270477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.77.246.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407371/; classtype:trojan-activity;sid:84270471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.117.34.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407370/; classtype:trojan-activity;sid:84270470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407360)"; flow:established,from_client; content:"GET"; http_method; content:"/picrotin.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"191.96.207.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407360/; classtype:trojan-activity;sid:84270460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407218)"; flow:established,from_client; content:"GET"; http_method; content:"/bee"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407218/; classtype:trojan-activity;sid:84270318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407132)"; flow:established,from_client; content:"GET"; http_method; content:"/mauigraphics/tabsexplorer/-/raw/main/menu.db"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407132/; classtype:trojan-activity;sid:84270232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407074)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.15.43.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407074/; classtype:trojan-activity;sid:84270174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406976)"; flow:established,from_client; content:"GET"; http_method; content:"/x86|3f|ddos"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406976/; classtype:trojan-activity;sid:84270076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406830)"; flow:established,from_client; content:"GET"; http_method; content:"/mimmort88/popino/main/jij.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406830/; classtype:trojan-activity;sid:84269930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406826)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/dbpmfno.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406826/; classtype:trojan-activity;sid:84269926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406825)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/fdnfakd.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406825/; classtype:trojan-activity;sid:84269925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406818)"; flow:established,from_client; content:"GET"; http_method; content:"/%eb%a7%ac%ec%9b%a8%ec%96%b4.hta"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"hobobot.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406818/; classtype:trojan-activity;sid:84269918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406820)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/ofcarrn.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406820/; classtype:trojan-activity;sid:84269920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406822)"; flow:established,from_client; content:"GET"; http_method; content:"/%eb%b9%8c%ec%96%b4%20%eb%a8%b9%ec%9d%84.hta"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"hobobot.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406822/; classtype:trojan-activity;sid:84269922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406812)"; flow:established,from_client; content:"GET"; http_method; content:"/333.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"207.231.111.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406812/; classtype:trojan-activity;sid:84269912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406570)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/ewe.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406570/; classtype:trojan-activity;sid:84269670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406568)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/ewe.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406568/; classtype:trojan-activity;sid:84269668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406569)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/ewe.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406569/; classtype:trojan-activity;sid:84269669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406564)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/ewe.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406564/; classtype:trojan-activity;sid:84269664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406565)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/ewe.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406565/; classtype:trojan-activity;sid:84269665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406566)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/ewe.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406566/; classtype:trojan-activity;sid:84269666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406567)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/ewe.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406567/; classtype:trojan-activity;sid:84269667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406563)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/ewe.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406563/; classtype:trojan-activity;sid:84269663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406560)"; flow:established,from_client; content:"GET"; http_method; content:"/ewe.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406560/; classtype:trojan-activity;sid:84269660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406561)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/ewe.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406561/; classtype:trojan-activity;sid:84269661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406468)"; flow:established,from_client; content:"GET"; http_method; content:"/journal-article/30343922aca0fb8e53340406c2d9339d/sora2012.pdf"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.se"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406468/; classtype:trojan-activity;sid:84269568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406176)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.103.100.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_19; reference:url, urlhaus.abuse.ch/url/3406176/; classtype:trojan-activity;sid:84269276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.130.61.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_19; reference:url, urlhaus.abuse.ch/url/3405550/; classtype:trojan-activity;sid:84268650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405423)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.141.166.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_19; reference:url, urlhaus.abuse.ch/url/3405423/; classtype:trojan-activity;sid:84268523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405340)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.178.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405340/; classtype:trojan-activity;sid:84268440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405341)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"14.29.160.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405341/; classtype:trojan-activity;sid:84268441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405343)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.140.242.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405343/; classtype:trojan-activity;sid:84268443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405330)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.109.0.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405330/; classtype:trojan-activity;sid:84268430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405321)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.181.172.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405321/; classtype:trojan-activity;sid:84268421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405322)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.181.172.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405322/; classtype:trojan-activity;sid:84268422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405326)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.181.172.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405326/; classtype:trojan-activity;sid:84268426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405329)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.54.96.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405329/; classtype:trojan-activity;sid:84268429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.93.44.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405227/; classtype:trojan-activity;sid:84268327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405187)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405187/; classtype:trojan-activity;sid:84268287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405178)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.132.81.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405178/; classtype:trojan-activity;sid:84268278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405179)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.41.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405179/; classtype:trojan-activity;sid:84268279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405180)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.41.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405180/; classtype:trojan-activity;sid:84268280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405181)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.41.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405181/; classtype:trojan-activity;sid:84268281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405172)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.24.237.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405172/; classtype:trojan-activity;sid:84268272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.149.38.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405171/; classtype:trojan-activity;sid:84268271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405160)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.19.181.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405160/; classtype:trojan-activity;sid:84268260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405153)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.73.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405153/; classtype:trojan-activity;sid:84268253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405155)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"110.239.6.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405155/; classtype:trojan-activity;sid:84268255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405149)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"171.246.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405149/; classtype:trojan-activity;sid:84268249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405131)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.48.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405131/; classtype:trojan-activity;sid:84268231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405133)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.139.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405133/; classtype:trojan-activity;sid:84268233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405134)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.15.147.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405134/; classtype:trojan-activity;sid:84268234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405135)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.48.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405135/; classtype:trojan-activity;sid:84268235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405138)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"153.162.250.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405138/; classtype:trojan-activity;sid:84268238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405140)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.215.129.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405140/; classtype:trojan-activity;sid:84268240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405142)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"116.110.186.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405142/; classtype:trojan-activity;sid:84268242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405144)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.19.178.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405144/; classtype:trojan-activity;sid:84268244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405145)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.240.194.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405145/; classtype:trojan-activity;sid:84268245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405125)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.139.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405125/; classtype:trojan-activity;sid:84268225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405127)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.139.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405127/; classtype:trojan-activity;sid:84268227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405128)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.48.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405128/; classtype:trojan-activity;sid:84268228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405129)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.48.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405129/; classtype:trojan-activity;sid:84268229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405121)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.207.245.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405121/; classtype:trojan-activity;sid:84268221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405120)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.20.19.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405120/; classtype:trojan-activity;sid:84268220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.148.26.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405112/; classtype:trojan-activity;sid:84268212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.232.137.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405115/; classtype:trojan-activity;sid:84268215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.190.234.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405116/; classtype:trojan-activity;sid:84268216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.236.129.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405093/; classtype:trojan-activity;sid:84268193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3404992)"; flow:established,from_client; content:"GET"; http_method; content:"/gd85kkjf/plugins/clip64.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.196.8.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3404992/; classtype:trojan-activity;sid:84268092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3404989)"; flow:established,from_client; content:"GET"; http_method; content:"/gd85kkjf/plugins/cred64.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.196.8.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3404989/; classtype:trojan-activity;sid:84268089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3404985)"; flow:established,from_client; content:"GET"; http_method; content:"/gd85kkjf/plugins/clip.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.196.8.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3404985/; classtype:trojan-activity;sid:84268085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3404987)"; flow:established,from_client; content:"GET"; http_method; content:"/gd85kkjf/plugins/cred.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.196.8.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3404987/; classtype:trojan-activity;sid:84268087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3404982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.54.88.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3404982/; classtype:trojan-activity;sid:84268082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3404421)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gold123444.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3404421/; classtype:trojan-activity;sid:84267521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3404420)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/legs.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3404420/; classtype:trojan-activity;sid:84267520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3404211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.208.204.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3404211/; classtype:trojan-activity;sid:84267311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3404097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.54.88.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3404097/; classtype:trojan-activity;sid:84267197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3404075)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.83.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3404075/; classtype:trojan-activity;sid:84267175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3404047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.208.204.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3404047/; classtype:trojan-activity;sid:84267147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3404013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.230.157.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3404013/; classtype:trojan-activity;sid:84267113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3404001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.186.101.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3404001/; classtype:trojan-activity;sid:84267101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3404008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.36.194.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3404008/; classtype:trojan-activity;sid:84267108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.58.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403993/; classtype:trojan-activity;sid:84267093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.121.254.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403987/; classtype:trojan-activity;sid:84267087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.90.239.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403982/; classtype:trojan-activity;sid:84267082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403979)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/rk.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403979/; classtype:trojan-activity;sid:84267079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403976)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/envs/dr.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403976/; classtype:trojan-activity;sid:84267076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403977)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/qr.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403977/; classtype:trojan-activity;sid:84267077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403978)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/g1.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403978/; classtype:trojan-activity;sid:84267078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.208.204.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403846/; classtype:trojan-activity;sid:84266946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403757)"; flow:established,from_client; content:"GET"; http_method; content:"/mips|3f|ddos"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403757/; classtype:trojan-activity;sid:84266857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403376)"; flow:established,from_client; content:"GET"; http_method; content:"/thanhtung19944/ok-/refs/heads/main/need.bin"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403376/; classtype:trojan-activity;sid:84266476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403377)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/refs/heads/main/play.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403377/; classtype:trojan-activity;sid:84266477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403378)"; flow:established,from_client; content:"GET"; http_method; content:"/stezxyz/svchost.exe/refs/heads/main/xclient.bin"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403378/; classtype:trojan-activity;sid:84266478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403379)"; flow:established,from_client; content:"GET"; http_method; content:"/sleepysnz/skibidi/refs/heads/main/condogenerator.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403379/; classtype:trojan-activity;sid:84266479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403380)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/refs/heads/main/payload.bin"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403380/; classtype:trojan-activity;sid:84266480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403355)"; flow:established,from_client; content:"GET"; http_method; content:"/top-executors/jjsploit/releases/download/v2.1.0/jjsploit.v2.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403355/; classtype:trojan-activity;sid:84266455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403334)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.172.51.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403334/; classtype:trojan-activity;sid:84266434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402887)"; flow:established,from_client; content:"GET"; http_method; content:"/15012025/pfqxuwr6vgb93gwiml3l.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402887/; classtype:trojan-activity;sid:84265987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402740)"; flow:established,from_client; content:"GET"; http_method; content:"/celestialnft/privatekey-generator/raw/refs/heads/main/wallet-privatekey.pdf.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402740/; classtype:trojan-activity;sid:84265840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402741)"; flow:established,from_client; content:"GET"; http_method; content:"/adobepdf-reader/pdf-reader/raw/refs/heads/main/pdf%20reader.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402741/; classtype:trojan-activity;sid:84265841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.205.55.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402699/; classtype:trojan-activity;sid:84265799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402576)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402576/; classtype:trojan-activity;sid:84265676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402577)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402577/; classtype:trojan-activity;sid:84265677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402575)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402575/; classtype:trojan-activity;sid:84265675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402573)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402573/; classtype:trojan-activity;sid:84265673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402574)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402574/; classtype:trojan-activity;sid:84265674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402497)"; flow:established,from_client; content:"GET"; http_method; content:"/andresberejno/aaaaaaa/raw/refs/heads/main/client-base.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402497/; classtype:trojan-activity;sid:84265597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402495)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/refs/heads/main/mera.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402495/; classtype:trojan-activity;sid:84265595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402174)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.117.120.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402174/; classtype:trojan-activity;sid:84265274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402175)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.35.235.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402175/; classtype:trojan-activity;sid:84265275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402177)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.90.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402177/; classtype:trojan-activity;sid:84265277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402167)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"54.83.104.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402167/; classtype:trojan-activity;sid:84265267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402171)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"20.189.117.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402171/; classtype:trojan-activity;sid:84265271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.152.45.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402136/; classtype:trojan-activity;sid:84265236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.20.176.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402139/; classtype:trojan-activity;sid:84265239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"148.103.1.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402144/; classtype:trojan-activity;sid:84265244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.70.156.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402149/; classtype:trojan-activity;sid:84265249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.180.18.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402125/; classtype:trojan-activity;sid:84265225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"157.255.22.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402118/; classtype:trojan-activity;sid:84265218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.154.235.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402116/; classtype:trojan-activity;sid:84265216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.181.28.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402115/; classtype:trojan-activity;sid:84265215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401877)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"72.43.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401877/; classtype:trojan-activity;sid:84264977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401644)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/wpr-addons/forms/code1.png"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"107.180.89.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401644/; classtype:trojan-activity;sid:84264744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.156.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401503/; classtype:trojan-activity;sid:84264603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401409)"; flow:established,from_client; content:"GET"; http_method; content:"/receipt5290.html"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"vbccorretoradeseguros.com.br"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401409/; classtype:trojan-activity;sid:84264509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401392)"; flow:established,from_client; content:"GET"; http_method; content:"/brucegang123/bat-automation-test/main/servers.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401392/; classtype:trojan-activity;sid:84264492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401388)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/refs/heads/main/1.bin"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401388/; classtype:trojan-activity;sid:84264488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401366)"; flow:established,from_client; content:"GET"; http_method; content:"/brucegang123/bat-automation-test/raw/main/servers.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401366/; classtype:trojan-activity;sid:84264466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401362)"; flow:established,from_client; content:"GET"; http_method; content:"/fxserver.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"198.50.242.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401362/; classtype:trojan-activity;sid:84264462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401363)"; flow:established,from_client; content:"GET"; http_method; content:"/files/mac.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"77.105.161.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401363/; classtype:trojan-activity;sid:84264463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401350)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/rodriakd-8413d.appspot.com/o/dll%2fdllnewis.txt|3f|alt=media|7c|26|7c|token=1e20d0db-d43d-4d04-9d7b-f22a284a8f6a"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401350/; classtype:trojan-activity;sid:84264450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401171)"; flow:established,from_client; content:"GET"; http_method; content:"/k.php|3f|a=x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.41.204.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401171/; classtype:trojan-activity;sid:84264271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400465)"; flow:established,from_client; content:"GET"; http_method; content:"/quivingsnew/sadadads/refs/heads/main/loader.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400465/; classtype:trojan-activity;sid:84263565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400388)"; flow:established,from_client; content:"GET"; http_method; content:"/.shell"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400388/; classtype:trojan-activity;sid:84263488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400304)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400304/; classtype:trojan-activity;sid:84263404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400298)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400298/; classtype:trojan-activity;sid:84263398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400299)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400299/; classtype:trojan-activity;sid:84263399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400300)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400300/; classtype:trojan-activity;sid:84263400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400301)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400301/; classtype:trojan-activity;sid:84263401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400302)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400302/; classtype:trojan-activity;sid:84263402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400303)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400303/; classtype:trojan-activity;sid:84263403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400265)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400265/; classtype:trojan-activity;sid:84263365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400266)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400266/; classtype:trojan-activity;sid:84263366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400267)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400267/; classtype:trojan-activity;sid:84263367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400268)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400268/; classtype:trojan-activity;sid:84263368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400269)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400269/; classtype:trojan-activity;sid:84263369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400270)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400270/; classtype:trojan-activity;sid:84263370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400271)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400271/; classtype:trojan-activity;sid:84263371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400272)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400272/; classtype:trojan-activity;sid:84263372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400273)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400273/; classtype:trojan-activity;sid:84263373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400274)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400274/; classtype:trojan-activity;sid:84263374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400275)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400275/; classtype:trojan-activity;sid:84263375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400276)"; flow:established,from_client; content:"GET"; http_method; content:"/bt"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400276/; classtype:trojan-activity;sid:84263376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400277)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400277/; classtype:trojan-activity;sid:84263377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400278)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400278/; classtype:trojan-activity;sid:84263378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400279)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400279/; classtype:trojan-activity;sid:84263379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400280)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400280/; classtype:trojan-activity;sid:84263380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400281)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400281/; classtype:trojan-activity;sid:84263381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400282)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400282/; classtype:trojan-activity;sid:84263382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400283)"; flow:established,from_client; content:"GET"; http_method; content:"/mass.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400283/; classtype:trojan-activity;sid:84263383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400284)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400284/; classtype:trojan-activity;sid:84263384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400285)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400285/; classtype:trojan-activity;sid:84263385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400286)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400286/; classtype:trojan-activity;sid:84263386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400287)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400287/; classtype:trojan-activity;sid:84263387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400288)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400288/; classtype:trojan-activity;sid:84263388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400289)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400289/; classtype:trojan-activity;sid:84263389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400290)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400290/; classtype:trojan-activity;sid:84263390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400291)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400291/; classtype:trojan-activity;sid:84263391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400292)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400292/; classtype:trojan-activity;sid:84263392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400293)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400293/; classtype:trojan-activity;sid:84263393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400294)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400294/; classtype:trojan-activity;sid:84263394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400295)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400295/; classtype:trojan-activity;sid:84263395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400296)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400296/; classtype:trojan-activity;sid:84263396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400297)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400297/; classtype:trojan-activity;sid:84263397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400257)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400257/; classtype:trojan-activity;sid:84263357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400231)"; flow:established,from_client; content:"GET"; http_method; content:"/e2ffc6f1/files/uploaded/26.ps1"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"irp.cdn-website.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400231/; classtype:trojan-activity;sid:84263331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400130)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.157.247.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400130/; classtype:trojan-activity;sid:84263230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399996)"; flow:established,from_client; content:"GET"; http_method; content:"/ciscotest.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399996/; classtype:trojan-activity;sid:84263096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399789)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.160.240.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399789/; classtype:trojan-activity;sid:84262889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399737)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/refs/heads/main/shellcodeany.bin"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399737/; classtype:trojan-activity;sid:84262837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399736)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/refs/heads/main/2.bin"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399736/; classtype:trojan-activity;sid:84262836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399733)"; flow:established,from_client; content:"GET"; http_method; content:"/jackyz777/activebypass/refs/heads/main/discord.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399733/; classtype:trojan-activity;sid:84262833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399734)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/refs/heads/main/thong.bin"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399734/; classtype:trojan-activity;sid:84262834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/packetcrypt.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"23.27.51.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399730/; classtype:trojan-activity;sid:84262830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399728)"; flow:established,from_client; content:"GET"; http_method; content:"/phpmyadmin/!help_sos.hta"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"192.140.225.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399728/; classtype:trojan-activity;sid:84262828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399725)"; flow:established,from_client; content:"GET"; http_method; content:"/jackyz777/activebypass/raw/refs/heads/main/discord.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399725/; classtype:trojan-activity;sid:84262825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399424)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.224.19.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399424/; classtype:trojan-activity;sid:84262524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399425)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.221.5.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399425/; classtype:trojan-activity;sid:84262525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399419)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.14.69.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399419/; classtype:trojan-activity;sid:84262519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399421)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.46.28.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399421/; classtype:trojan-activity;sid:84262521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399422)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.133.36.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399422/; classtype:trojan-activity;sid:84262522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399423)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.143.123.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399423/; classtype:trojan-activity;sid:84262523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.178.100.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399396/; classtype:trojan-activity;sid:84262496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.136.193.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399393/; classtype:trojan-activity;sid:84262493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.170.103.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399336/; classtype:trojan-activity;sid:84262436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.170.103.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399333/; classtype:trojan-activity;sid:84262433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399086)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/scanner/refs/heads/main/x86"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399086/; classtype:trojan-activity;sid:84262186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399085)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/scanner/refs/heads/main/dlr.x86"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399085/; classtype:trojan-activity;sid:84262185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399067)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/scanner/refs/heads/main/mipsel"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399067/; classtype:trojan-activity;sid:84262167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399068)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/scanner/refs/heads/main/armv5l"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399068/; classtype:trojan-activity;sid:84262168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399058)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/scanner/refs/heads/main/armv7l"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399058/; classtype:trojan-activity;sid:84262158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399059)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/scanner/refs/heads/main/armv6l"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399059/; classtype:trojan-activity;sid:84262159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399056)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/scanner/refs/heads/main/animma.sh"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399056/; classtype:trojan-activity;sid:84262156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399057)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/scanner/refs/heads/main/armv4l"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399057/; classtype:trojan-activity;sid:84262157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398952)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3398952/; classtype:trojan-activity;sid:84262052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398793)"; flow:established,from_client; content:"GET"; http_method; content:"/andresberejno/aaaaaaa/refs/heads/main/client-base.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3398793/; classtype:trojan-activity;sid:84261893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398784)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/refs/heads/main/doom.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3398784/; classtype:trojan-activity;sid:84261884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398786)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/refs/heads/main/king.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3398786/; classtype:trojan-activity;sid:84261886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.23.157.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3398747/; classtype:trojan-activity;sid:84261847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398654)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.154.235.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3398654/; classtype:trojan-activity;sid:84261754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398616)"; flow:established,from_client; content:"GET"; http_method; content:"/ns1.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"47.107.29.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3398616/; classtype:trojan-activity;sid:84261716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398629)"; flow:established,from_client; content:"GET"; http_method; content:"/ox2fa/justnow/refs/heads/main/1.sh"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3398629/; classtype:trojan-activity;sid:84261729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.121.239.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_12; reference:url, urlhaus.abuse.ch/url/3398195/; classtype:trojan-activity;sid:84261295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.15.254.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_12; reference:url, urlhaus.abuse.ch/url/3398189/; classtype:trojan-activity;sid:84261289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.92.94.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_12; reference:url, urlhaus.abuse.ch/url/3398193/; classtype:trojan-activity;sid:84261293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397979)"; flow:established,from_client; content:"GET"; http_method; content:"/appserv180.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.194.35.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_12; reference:url, urlhaus.abuse.ch/url/3397979/; classtype:trojan-activity;sid:84261079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397968)"; flow:established,from_client; content:"GET"; http_method; content:"/k.php|3f|a=arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.41.204.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_12; reference:url, urlhaus.abuse.ch/url/3397968/; classtype:trojan-activity;sid:84261068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397969)"; flow:established,from_client; content:"GET"; http_method; content:"/k.php|3f|a=mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.41.204.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_12; reference:url, urlhaus.abuse.ch/url/3397969/; classtype:trojan-activity;sid:84261069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397959)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/whiteshadow123.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_12; reference:url, urlhaus.abuse.ch/url/3397959/; classtype:trojan-activity;sid:84261059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397960)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/whiteshadow.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_12; reference:url, urlhaus.abuse.ch/url/3397960/; classtype:trojan-activity;sid:84261060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397958)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/minimal.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_12; reference:url, urlhaus.abuse.ch/url/3397958/; classtype:trojan-activity;sid:84261058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397956)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/johnmartin.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_12; reference:url, urlhaus.abuse.ch/url/3397956/; classtype:trojan-activity;sid:84261056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.220.249.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_12; reference:url, urlhaus.abuse.ch/url/3397671/; classtype:trojan-activity;sid:84260771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.2.177"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397543/; classtype:trojan-activity;sid:84260643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.168.227.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397531/; classtype:trojan-activity;sid:84260631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"159.117.181.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397538/; classtype:trojan-activity;sid:84260638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.237.78.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397524/; classtype:trojan-activity;sid:84260624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397444)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.157.247.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397444/; classtype:trojan-activity;sid:84260544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397443)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.157.247.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397443/; classtype:trojan-activity;sid:84260543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397442)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.157.247.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397442/; classtype:trojan-activity;sid:84260542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397441)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.157.247.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397441/; classtype:trojan-activity;sid:84260541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397437)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.157.247.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397437/; classtype:trojan-activity;sid:84260537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397438)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.157.247.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397438/; classtype:trojan-activity;sid:84260538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397173)"; flow:established,from_client; content:"GET"; http_method; content:"/busybox-mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397173/; classtype:trojan-activity;sid:84260273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397172)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397172/; classtype:trojan-activity;sid:84260272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397130)"; flow:established,from_client; content:"GET"; http_method; content:"/nrarm6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397130/; classtype:trojan-activity;sid:84260230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397098)"; flow:established,from_client; content:"GET"; http_method; content:"/nrarm5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397098/; classtype:trojan-activity;sid:84260198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397100)"; flow:established,from_client; content:"GET"; http_method; content:"/nrmpsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397100/; classtype:trojan-activity;sid:84260200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397061)"; flow:established,from_client; content:"GET"; http_method; content:"/nrarm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397061/; classtype:trojan-activity;sid:84260161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396897)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"staplebrokenmetaliyro.blogspot.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3396897/; classtype:trojan-activity;sid:84259997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.148.245.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3396827/; classtype:trojan-activity;sid:84259927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"174.76.179.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3396705/; classtype:trojan-activity;sid:84259805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"174.76.179.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3396687/; classtype:trojan-activity;sid:84259787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396448)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.24.179.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396448/; classtype:trojan-activity;sid:84259548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396436)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.40.19.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396436/; classtype:trojan-activity;sid:84259536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396437)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.108.145.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396437/; classtype:trojan-activity;sid:84259537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396440)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.104.181.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396440/; classtype:trojan-activity;sid:84259540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396442)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.36.117.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396442/; classtype:trojan-activity;sid:84259542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396433)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.232.42.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396433/; classtype:trojan-activity;sid:84259533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.160.240.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396421/; classtype:trojan-activity;sid:84259521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.115.101.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396427/; classtype:trojan-activity;sid:84259527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.254.71.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396430/; classtype:trojan-activity;sid:84259530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.183.159.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396411/; classtype:trojan-activity;sid:84259511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.197.121.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396413/; classtype:trojan-activity;sid:84259513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.87.151.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396418/; classtype:trojan-activity;sid:84259518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.45.96.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396407/; classtype:trojan-activity;sid:84259507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396119)"; flow:established,from_client; content:"GET"; http_method; content:"/32.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396119/; classtype:trojan-activity;sid:84259219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396087)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396087/; classtype:trojan-activity;sid:84259187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3395939)"; flow:established,from_client; content:"GET"; http_method; content:"/anshuop0001/aaaaaaa/refs/heads/main/client.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3395939/; classtype:trojan-activity;sid:84259039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3395931)"; flow:established,from_client; content:"GET"; http_method; content:"/andresberejno/aaaaaaa/refs/heads/main/client.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3395931/; classtype:trojan-activity;sid:84259031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3395932)"; flow:established,from_client; content:"GET"; http_method; content:"/anshuop0001/aaaaaaa/raw/refs/heads/main/client.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3395932/; classtype:trojan-activity;sid:84259032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3395711)"; flow:established,from_client; content:"GET"; http_method; content:"/svhost.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"151.106.34.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3395711/; classtype:trojan-activity;sid:84258811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3395702)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/rg.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3395702/; classtype:trojan-activity;sid:84258802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3395699)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/envs/b1.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3395699/; classtype:trojan-activity;sid:84258799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3395493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.100.195.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3395493/; classtype:trojan-activity;sid:84258593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3395483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.100.195.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3395483/; classtype:trojan-activity;sid:84258583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3395438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.148.245.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3395438/; classtype:trojan-activity;sid:84258538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3395055)"; flow:established,from_client; content:"GET"; http_method; content:"/arvendrachhonkar/todo/releases/download/macosandwindows/install_setup_v1.2.0.dmg"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3395055/; classtype:trojan-activity;sid:84258155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3395041)"; flow:established,from_client; content:"GET"; http_method; content:"/python312-32.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"217.77.11.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3395041/; classtype:trojan-activity;sid:84258141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394777)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.221.96.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394777/; classtype:trojan-activity;sid:84257877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394778)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.221.96.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394778/; classtype:trojan-activity;sid:84257878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394779)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.221.96.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394779/; classtype:trojan-activity;sid:84257879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394780)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.221.96.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394780/; classtype:trojan-activity;sid:84257880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394781)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.221.96.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394781/; classtype:trojan-activity;sid:84257881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394782)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.221.96.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394782/; classtype:trojan-activity;sid:84257882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394783)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.221.96.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394783/; classtype:trojan-activity;sid:84257883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394784)"; flow:established,from_client; content:"GET"; http_method; content:"/d.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.221.96.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394784/; classtype:trojan-activity;sid:84257884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394785)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.221.96.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394785/; classtype:trojan-activity;sid:84257885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394786)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.221.96.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394786/; classtype:trojan-activity;sid:84257886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394787)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.221.96.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394787/; classtype:trojan-activity;sid:84257887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394788)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.221.96.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394788/; classtype:trojan-activity;sid:84257888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394789)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.221.96.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394789/; classtype:trojan-activity;sid:84257889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394680)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/osiris/blob/main/2klz.exe|3f|raw=true/"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394680/; classtype:trojan-activity;sid:84257780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394670)"; flow:established,from_client; content:"GET"; http_method; content:"/grnnnwdroiddd.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"107.172.31.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394670/; classtype:trojan-activity;sid:84257770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394666)"; flow:established,from_client; content:"GET"; http_method; content:"/jackyz777/activebypass/raw/refs/heads/main/payload.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394666/; classtype:trojan-activity;sid:84257766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394610)"; flow:established,from_client; content:"GET"; http_method; content:"/chrtrome22.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"23.27.51.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394610/; classtype:trojan-activity;sid:84257710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394562)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.172.196.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394562/; classtype:trojan-activity;sid:84257662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394559)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.172.196.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394559/; classtype:trojan-activity;sid:84257659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394560)"; flow:established,from_client; content:"GET"; http_method; content:"/x"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.172.196.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394560/; classtype:trojan-activity;sid:84257660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394507)"; flow:established,from_client; content:"GET"; http_method; content:"/trismagi/daemon/raw/main/watchdog"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394507/; classtype:trojan-activity;sid:84257607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394121)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.56.225.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3394121/; classtype:trojan-activity;sid:84257221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394115)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.56.225.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3394115/; classtype:trojan-activity;sid:84257215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394108)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3394108/; classtype:trojan-activity;sid:84257208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393875)"; flow:established,from_client; content:"GET"; http_method; content:"/nrmips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393875/; classtype:trojan-activity;sid:84256975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393877)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393877/; classtype:trojan-activity;sid:84256977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393878)"; flow:established,from_client; content:"GET"; http_method; content:"/ex86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393878/; classtype:trojan-activity;sid:84256978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393879)"; flow:established,from_client; content:"GET"; http_method; content:"/garm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393879/; classtype:trojan-activity;sid:84256979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393880)"; flow:established,from_client; content:"GET"; http_method; content:"/gomips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393880/; classtype:trojan-activity;sid:84256980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393881)"; flow:established,from_client; content:"GET"; http_method; content:"/nshppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393881/; classtype:trojan-activity;sid:84256981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393882)"; flow:established,from_client; content:"GET"; http_method; content:"/goarm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393882/; classtype:trojan-activity;sid:84256982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393883)"; flow:established,from_client; content:"GET"; http_method; content:"/goarm6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393883/; classtype:trojan-activity;sid:84256983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393884)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393884/; classtype:trojan-activity;sid:84256984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393885)"; flow:established,from_client; content:"GET"; http_method; content:"/gmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393885/; classtype:trojan-activity;sid:84256985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393886)"; flow:established,from_client; content:"GET"; http_method; content:"/goarm5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393886/; classtype:trojan-activity;sid:84256986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393887)"; flow:established,from_client; content:"GET"; http_method; content:"/earm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393887/; classtype:trojan-activity;sid:84256987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393888)"; flow:established,from_client; content:"GET"; http_method; content:"/gmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393888/; classtype:trojan-activity;sid:84256988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393889)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393889/; classtype:trojan-activity;sid:84256989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393890)"; flow:established,from_client; content:"GET"; http_method; content:"/earm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393890/; classtype:trojan-activity;sid:84256990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393891)"; flow:established,from_client; content:"GET"; http_method; content:"/earm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393891/; classtype:trojan-activity;sid:84256991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393892)"; flow:established,from_client; content:"GET"; http_method; content:"/emips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393892/; classtype:trojan-activity;sid:84256992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393893)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393893/; classtype:trojan-activity;sid:84256993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393894)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393894/; classtype:trojan-activity;sid:84256994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393895)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393895/; classtype:trojan-activity;sid:84256995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393896)"; flow:established,from_client; content:"GET"; http_method; content:"/goarm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393896/; classtype:trojan-activity;sid:84256996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393897)"; flow:established,from_client; content:"GET"; http_method; content:"/earm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393897/; classtype:trojan-activity;sid:84256997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393898)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393898/; classtype:trojan-activity;sid:84256998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393899)"; flow:established,from_client; content:"GET"; http_method; content:"/nrsh4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393899/; classtype:trojan-activity;sid:84256999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393900)"; flow:established,from_client; content:"GET"; http_method; content:"/nshsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393900/; classtype:trojan-activity;sid:84257000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393901)"; flow:established,from_client; content:"GET"; http_method; content:"/nrppc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393901/; classtype:trojan-activity;sid:84257001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393902)"; flow:established,from_client; content:"GET"; http_method; content:"/eppc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393902/; classtype:trojan-activity;sid:84257002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393866)"; flow:established,from_client; content:"GET"; http_method; content:"/nrarm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393866/; classtype:trojan-activity;sid:84256966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393867)"; flow:established,from_client; content:"GET"; http_method; content:"/gompsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393867/; classtype:trojan-activity;sid:84256967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393868)"; flow:established,from_client; content:"GET"; http_method; content:"/empsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393868/; classtype:trojan-activity;sid:84256968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393869)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393869/; classtype:trojan-activity;sid:84256969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393870)"; flow:established,from_client; content:"GET"; http_method; content:"/garm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393870/; classtype:trojan-activity;sid:84256970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393871)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393871/; classtype:trojan-activity;sid:84256971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393872)"; flow:established,from_client; content:"GET"; http_method; content:"/garm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393872/; classtype:trojan-activity;sid:84256972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393873)"; flow:established,from_client; content:"GET"; http_method; content:"/garm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393873/; classtype:trojan-activity;sid:84256973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393874)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393874/; classtype:trojan-activity;sid:84256974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393839)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393839/; classtype:trojan-activity;sid:84256939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393837)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393837/; classtype:trojan-activity;sid:84256937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393662)"; flow:established,from_client; content:"GET"; http_method; content:"/roukistl/ud/refs/heads/main/ud.bat"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393662/; classtype:trojan-activity;sid:84256762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393606)"; flow:established,from_client; content:"GET"; http_method; content:"/sichostexe/loxfiles/refs/heads/main/fixer.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393606/; classtype:trojan-activity;sid:84256706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393604)"; flow:established,from_client; content:"GET"; http_method; content:"/m4hvh2/dwadwa/refs/heads/main/client-built.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393604/; classtype:trojan-activity;sid:84256704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393601)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"113.31.111.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393601/; classtype:trojan-activity;sid:84256701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393600)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/osiris/blob/main/2klz.exe|3f|raw=true"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393600/; classtype:trojan-activity;sid:84256700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393595)"; flow:established,from_client; content:"GET"; http_method; content:"/tnn.ps1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"151.106.34.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393595/; classtype:trojan-activity;sid:84256695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393596)"; flow:established,from_client; content:"GET"; http_method; content:"/thomson101/xhp/releases/download/release/steanings.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393596/; classtype:trojan-activity;sid:84256696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393592)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/customer.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393592/; classtype:trojan-activity;sid:84256692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393361)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"151.45.96.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393361/; classtype:trojan-activity;sid:84256461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.105.79.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393166/; classtype:trojan-activity;sid:84256266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393148)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.197.121.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393148/; classtype:trojan-activity;sid:84256248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.109.167.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393134/; classtype:trojan-activity;sid:84256234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.109.167.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393107/; classtype:trojan-activity;sid:84256207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393047)"; flow:established,from_client; content:"GET"; http_method; content:"/thomson101/xhp/releases/download/release/steanings.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393047/; classtype:trojan-activity;sid:84256147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393048)"; flow:established,from_client; content:"GET"; http_method; content:"/apoxyies/deeneme/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393048/; classtype:trojan-activity;sid:84256148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393043)"; flow:established,from_client; content:"GET"; http_method; content:"/get/giyauomtev/uu.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393043/; classtype:trojan-activity;sid:84256143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393030)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.92.166.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393030/; classtype:trojan-activity;sid:84256130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393032)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.141.95.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393032/; classtype:trojan-activity;sid:84256132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393033)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.243.25.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393033/; classtype:trojan-activity;sid:84256133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393026)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.57.230.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393026/; classtype:trojan-activity;sid:84256126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393028)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.196.92.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393028/; classtype:trojan-activity;sid:84256128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.240.163.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393007/; classtype:trojan-activity;sid:84256107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.77.140.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393009/; classtype:trojan-activity;sid:84256109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.40.185.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393010/; classtype:trojan-activity;sid:84256110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.46.219.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393012/; classtype:trojan-activity;sid:84256112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3392894)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ronnin-v2.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3392894/; classtype:trojan-activity;sid:84255994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3392895)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"symbiatec-fi.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3392895/; classtype:trojan-activity;sid:84255995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3392882)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"symdlotic.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3392882/; classtype:trojan-activity;sid:84255982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3392821)"; flow:established,from_client; content:"GET"; http_method; content:"/no_dropper.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"comteste.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3392821/; classtype:trojan-activity;sid:84255921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3392809)"; flow:established,from_client; content:"GET"; http_method; content:"/no_dropper.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.202.233.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3392809/; classtype:trojan-activity;sid:84255909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3392686)"; flow:established,from_client; content:"GET"; http_method; content:"/launcher/upload/test.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"test.aionclassic.pro"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3392686/; classtype:trojan-activity;sid:84255786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3392006)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3392006/; classtype:trojan-activity;sid:84255106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3392010)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3392010/; classtype:trojan-activity;sid:84255110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391965)"; flow:established,from_client; content:"GET"; http_method; content:"/eppc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391965/; classtype:trojan-activity;sid:84255065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391969)"; flow:established,from_client; content:"GET"; http_method; content:"/earm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391969/; classtype:trojan-activity;sid:84255069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391972)"; flow:established,from_client; content:"GET"; http_method; content:"/earm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391972/; classtype:trojan-activity;sid:84255072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391960)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391960/; classtype:trojan-activity;sid:84255060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391963)"; flow:established,from_client; content:"GET"; http_method; content:"/earc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391963/; classtype:trojan-activity;sid:84255063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391957)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391957/; classtype:trojan-activity;sid:84255057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391946)"; flow:established,from_client; content:"GET"; http_method; content:"/emips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391946/; classtype:trojan-activity;sid:84255046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391917)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391917/; classtype:trojan-activity;sid:84255017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391920)"; flow:established,from_client; content:"GET"; http_method; content:"/earm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391920/; classtype:trojan-activity;sid:84255020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391907)"; flow:established,from_client; content:"GET"; http_method; content:"/esh4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391907/; classtype:trojan-activity;sid:84255007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391908)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391908/; classtype:trojan-activity;sid:84255008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391910)"; flow:established,from_client; content:"GET"; http_method; content:"/empsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391910/; classtype:trojan-activity;sid:84255010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391912)"; flow:established,from_client; content:"GET"; http_method; content:"/ex86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391912/; classtype:trojan-activity;sid:84255012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391819)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.32.249.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391819/; classtype:trojan-activity;sid:84254919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391726)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"chmod0777kk.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391726/; classtype:trojan-activity;sid:84254826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391727)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"chmod0777kk.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391727/; classtype:trojan-activity;sid:84254827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391728)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"chmod0777kk.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391728/; classtype:trojan-activity;sid:84254828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391730)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"chmod0777kk.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391730/; classtype:trojan-activity;sid:84254830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391731)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"chmod0777kk.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391731/; classtype:trojan-activity;sid:84254831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391722)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"chmod0777kk.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391722/; classtype:trojan-activity;sid:84254822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391724)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"chmod0777kk.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391724/; classtype:trojan-activity;sid:84254824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391715)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"chmod0777kk.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391715/; classtype:trojan-activity;sid:84254815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391718)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"chmod0777kk.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391718/; classtype:trojan-activity;sid:84254818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391711)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"chmod0777kk.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391711/; classtype:trojan-activity;sid:84254811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391694)"; flow:established,from_client; content:"GET"; http_method; content:"/dred"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"39.104.73.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391694/; classtype:trojan-activity;sid:84254794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391671)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"151.251.196.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391671/; classtype:trojan-activity;sid:84254771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391678)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.211.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391678/; classtype:trojan-activity;sid:84254778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391640)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.228.133.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391640/; classtype:trojan-activity;sid:84254740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391641)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.228.133.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391641/; classtype:trojan-activity;sid:84254741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391642)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.228.133.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391642/; classtype:trojan-activity;sid:84254742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391643)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.228.133.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391643/; classtype:trojan-activity;sid:84254743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391649)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.27.44.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391649/; classtype:trojan-activity;sid:84254749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391634)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.139.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391634/; classtype:trojan-activity;sid:84254734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391632)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.2.45.132"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391632/; classtype:trojan-activity;sid:84254732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391631)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.241.74.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391631/; classtype:trojan-activity;sid:84254731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.51.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391610/; classtype:trojan-activity;sid:84254710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.24.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391609/; classtype:trojan-activity;sid:84254709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.45.99.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391600/; classtype:trojan-activity;sid:84254700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.187.148.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391602/; classtype:trojan-activity;sid:84254702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.81.45.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391606/; classtype:trojan-activity;sid:84254706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391455)"; flow:established,from_client; content:"GET"; http_method; content:"/1337breaker1337/password/refs/heads/main/client-built.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391455/; classtype:trojan-activity;sid:84254555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391442)"; flow:established,from_client; content:"GET"; http_method; content:"/ymykaliymy/ymy/refs/heads/main/sela.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391442/; classtype:trojan-activity;sid:84254542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391438)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/696969.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391438/; classtype:trojan-activity;sid:84254538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391429)"; flow:established,from_client; content:"GET"; http_method; content:"/1337breaker1337/password/raw/refs/heads/main/client-built.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391429/; classtype:trojan-activity;sid:84254529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391426)"; flow:established,from_client; content:"GET"; http_method; content:"/top-executors/jjsploit/raw/refs/heads/main/jjsploit.v2.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391426/; classtype:trojan-activity;sid:84254526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391427)"; flow:established,from_client; content:"GET"; http_method; content:"/07nn/am/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391427/; classtype:trojan-activity;sid:84254527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391428)"; flow:established,from_client; content:"GET"; http_method; content:"/ymykaliymy/ymy/raw/refs/heads/main/sela.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391428/; classtype:trojan-activity;sid:84254528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391375)"; flow:established,from_client; content:"GET"; http_method; content:"/4gs"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391375/; classtype:trojan-activity;sid:84254475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390675)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.196.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390675/; classtype:trojan-activity;sid:84253775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390674)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.196.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390674/; classtype:trojan-activity;sid:84253774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390665)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.181.172.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390665/; classtype:trojan-activity;sid:84253765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390659)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.133.36.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390659/; classtype:trojan-activity;sid:84253759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390660)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.143.48.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390660/; classtype:trojan-activity;sid:84253760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390651)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.156.108.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390651/; classtype:trojan-activity;sid:84253751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.115.253.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390320/; classtype:trojan-activity;sid:84253420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.117.90.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390314/; classtype:trojan-activity;sid:84253414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390305)"; flow:established,from_client; content:"GET"; http_method; content:"/gfd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390305/; classtype:trojan-activity;sid:84253405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390306)"; flow:established,from_client; content:"GET"; http_method; content:"/r"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390306/; classtype:trojan-activity;sid:84253406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390307)"; flow:established,from_client; content:"GET"; http_method; content:"/fd"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390307/; classtype:trojan-activity;sid:84253407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390293)"; flow:established,from_client; content:"GET"; http_method; content:"/d/m68k"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390293/; classtype:trojan-activity;sid:84253393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390294)"; flow:established,from_client; content:"GET"; http_method; content:"/d/arm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390294/; classtype:trojan-activity;sid:84253394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390286)"; flow:established,from_client; content:"GET"; http_method; content:"/d/sh4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390286/; classtype:trojan-activity;sid:84253386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390287)"; flow:established,from_client; content:"GET"; http_method; content:"/d/mpsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390287/; classtype:trojan-activity;sid:84253387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390288)"; flow:established,from_client; content:"GET"; http_method; content:"/d/arm6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390288/; classtype:trojan-activity;sid:84253388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390289)"; flow:established,from_client; content:"GET"; http_method; content:"/d/i686"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390289/; classtype:trojan-activity;sid:84253389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390290)"; flow:established,from_client; content:"GET"; http_method; content:"/d/arm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390290/; classtype:trojan-activity;sid:84253390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390291)"; flow:established,from_client; content:"GET"; http_method; content:"/d/ppc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390291/; classtype:trojan-activity;sid:84253391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390292)"; flow:established,from_client; content:"GET"; http_method; content:"/d/spc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390292/; classtype:trojan-activity;sid:84253392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390284)"; flow:established,from_client; content:"GET"; http_method; content:"/d/arm5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390284/; classtype:trojan-activity;sid:84253384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390285)"; flow:established,from_client; content:"GET"; http_method; content:"/d/mips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390285/; classtype:trojan-activity;sid:84253385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389977)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"honeybooterz.cve-2021-36260.ru"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389977/; classtype:trojan-activity;sid:84253077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389973)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl-wrt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"honeybooterz.cve-2021-36260.ru"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389973/; classtype:trojan-activity;sid:84253073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389959)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"honeybooterz.cve-2021-36260.ru"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389959/; classtype:trojan-activity;sid:84253059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389960)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i586"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"honeybooterz.cve-2021-36260.ru"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389960/; classtype:trojan-activity;sid:84253060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389961)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"honeybooterz.cve-2021-36260.ru"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389961/; classtype:trojan-activity;sid:84253061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389966)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"honeybooterz.cve-2021-36260.ru"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389966/; classtype:trojan-activity;sid:84253066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389967)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"honeybooterz.cve-2021-36260.ru"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389967/; classtype:trojan-activity;sid:84253067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389969)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"honeybooterz.cve-2021-36260.ru"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389969/; classtype:trojan-activity;sid:84253069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389955)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"honeybooterz.cve-2021-36260.ru"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389955/; classtype:trojan-activity;sid:84253055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389956)"; flow:established,from_client; content:"GET"; http_method; content:"/telnet.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"honeybooterz.cve-2021-36260.ru"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389956/; classtype:trojan-activity;sid:84253056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389958)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"honeybooterz.cve-2021-36260.ru"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389958/; classtype:trojan-activity;sid:84253058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389937)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"honeybooterz.cve-2021-36260.ru"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389937/; classtype:trojan-activity;sid:84253037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389946)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"honeybooterz.cve-2021-36260.ru"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389946/; classtype:trojan-activity;sid:84253046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389947)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"honeybooterz.cve-2021-36260.ru"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389947/; classtype:trojan-activity;sid:84253047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389951)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"honeybooterz.cve-2021-36260.ru"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389951/; classtype:trojan-activity;sid:84253051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389952)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"honeybooterz.cve-2021-36260.ru"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389952/; classtype:trojan-activity;sid:84253052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389930)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"honeybooterz.cve-2021-36260.ru"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389930/; classtype:trojan-activity;sid:84253030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389931)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"honeybooterz.cve-2021-36260.ru"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389931/; classtype:trojan-activity;sid:84253031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389934)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"honeybooterz.cve-2021-36260.ru"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389934/; classtype:trojan-activity;sid:84253034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389935)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"honeybooterz.cve-2021-36260.ru"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389935/; classtype:trojan-activity;sid:84253035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389936)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"honeybooterz.cve-2021-36260.ru"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389936/; classtype:trojan-activity;sid:84253036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389919)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sparc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"honeybooterz.cve-2021-36260.ru"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389919/; classtype:trojan-activity;sid:84253019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389924)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"honeybooterz.cve-2021-36260.ru"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389924/; classtype:trojan-activity;sid:84253024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389926)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"honeybooterz.cve-2021-36260.ru"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389926/; classtype:trojan-activity;sid:84253026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389860)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389860/; classtype:trojan-activity;sid:84252960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389861)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389861/; classtype:trojan-activity;sid:84252961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389862)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389862/; classtype:trojan-activity;sid:84252962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389863)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389863/; classtype:trojan-activity;sid:84252963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389864)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389864/; classtype:trojan-activity;sid:84252964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389865)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389865/; classtype:trojan-activity;sid:84252965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389866)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389866/; classtype:trojan-activity;sid:84252966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389867)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389867/; classtype:trojan-activity;sid:84252967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389868)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389868/; classtype:trojan-activity;sid:84252968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389869)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389869/; classtype:trojan-activity;sid:84252969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389870)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389870/; classtype:trojan-activity;sid:84252970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389871)"; flow:established,from_client; content:"GET"; http_method; content:"/bt"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389871/; classtype:trojan-activity;sid:84252971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389872)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389872/; classtype:trojan-activity;sid:84252972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389873)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389873/; classtype:trojan-activity;sid:84252973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389874)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389874/; classtype:trojan-activity;sid:84252974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389842)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389842/; classtype:trojan-activity;sid:84252942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389843)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389843/; classtype:trojan-activity;sid:84252943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389844)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389844/; classtype:trojan-activity;sid:84252944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389845)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389845/; classtype:trojan-activity;sid:84252945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389846)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389846/; classtype:trojan-activity;sid:84252946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389847)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389847/; classtype:trojan-activity;sid:84252947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389848)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389848/; classtype:trojan-activity;sid:84252948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389849)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389849/; classtype:trojan-activity;sid:84252949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389850)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389850/; classtype:trojan-activity;sid:84252950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389851)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389851/; classtype:trojan-activity;sid:84252951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389852)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389852/; classtype:trojan-activity;sid:84252952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389853)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389853/; classtype:trojan-activity;sid:84252953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389854)"; flow:established,from_client; content:"GET"; http_method; content:"/mass.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389854/; classtype:trojan-activity;sid:84252954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389855)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389855/; classtype:trojan-activity;sid:84252955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389856)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389856/; classtype:trojan-activity;sid:84252956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389857)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389857/; classtype:trojan-activity;sid:84252957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389858)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389858/; classtype:trojan-activity;sid:84252958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389859)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389859/; classtype:trojan-activity;sid:84252959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389782)"; flow:established,from_client; content:"GET"; http_method; content:"/01.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.140.14.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389782/; classtype:trojan-activity;sid:84252882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389783)"; flow:established,from_client; content:"GET"; http_method; content:"/bxd.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"82.140.14.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389783/; classtype:trojan-activity;sid:84252883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389784)"; flow:established,from_client; content:"GET"; http_method; content:"/wudi.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.140.14.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389784/; classtype:trojan-activity;sid:84252884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389785)"; flow:established,from_client; content:"GET"; http_method; content:"/00.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.140.14.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389785/; classtype:trojan-activity;sid:84252885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389786)"; flow:established,from_client; content:"GET"; http_method; content:"/64.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.140.14.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389786/; classtype:trojan-activity;sid:84252886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389780)"; flow:established,from_client; content:"GET"; http_method; content:"/02.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.140.14.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389780/; classtype:trojan-activity;sid:84252880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389781)"; flow:established,from_client; content:"GET"; http_method; content:"/32.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.140.14.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389781/; classtype:trojan-activity;sid:84252881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.92.254.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389740/; classtype:trojan-activity;sid:84252840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.129.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389724/; classtype:trojan-activity;sid:84252824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389611)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389611/; classtype:trojan-activity;sid:84252711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389607)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389607/; classtype:trojan-activity;sid:84252707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389601)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389601/; classtype:trojan-activity;sid:84252701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389458)"; flow:established,from_client; content:"GET"; http_method; content:"/07nn/am/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389458/; classtype:trojan-activity;sid:84252558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389456)"; flow:established,from_client; content:"GET"; http_method; content:"/top-executors/jjsploit/raw/refs/heads/main/jjsploit.v2.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389456/; classtype:trojan-activity;sid:84252556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389457)"; flow:established,from_client; content:"GET"; http_method; content:"/top-executors/jjsploit/refs/heads/main/jjsploit.v2.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389457/; classtype:trojan-activity;sid:84252557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389455)"; flow:established,from_client; content:"GET"; http_method; content:"/get/hlxk13yhsr/sdggwsdgdrwgrwgrwgrwgrw.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389455/; classtype:trojan-activity;sid:84252555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389403)"; flow:established,from_client; content:"GET"; http_method; content:"/ngrokc/ctc/raw/main/ctc64.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389403/; classtype:trojan-activity;sid:84252503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389404)"; flow:established,from_client; content:"GET"; http_method; content:"/ngrokc/ctc/main/ctc64.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389404/; classtype:trojan-activity;sid:84252504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389259)"; flow:established,from_client; content:"GET"; http_method; content:"/test/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389259/; classtype:trojan-activity;sid:84252359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389237)"; flow:established,from_client; content:"GET"; http_method; content:"/test/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389237/; classtype:trojan-activity;sid:84252337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389239)"; flow:established,from_client; content:"GET"; http_method; content:"/test/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389239/; classtype:trojan-activity;sid:84252339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389229)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/fwutlkid.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389229/; classtype:trojan-activity;sid:84252329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389228)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/gch3x3lk.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389228/; classtype:trojan-activity;sid:84252328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389227)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/9nkwk7nh.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389227/; classtype:trojan-activity;sid:84252327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389226)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/wl3gtvgq.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389226/; classtype:trojan-activity;sid:84252326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389225)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/ujp4jdmy.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389225/; classtype:trojan-activity;sid:84252325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389224)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/8rh4s7pl.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389224/; classtype:trojan-activity;sid:84252324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389223)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/dwppj74t.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389223/; classtype:trojan-activity;sid:84252323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389222)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/jdym53nl.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389222/; classtype:trojan-activity;sid:84252322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389221)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/e9ffa5da.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389221/; classtype:trojan-activity;sid:84252321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389220)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/8zg9faz4.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389220/; classtype:trojan-activity;sid:84252320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389218)"; flow:established,from_client; content:"GET"; http_method; content:"/free"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"safefiles2.oss-cn-beijing.aliyuncs.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389218/; classtype:trojan-activity;sid:84252318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389158)"; flow:established,from_client; content:"GET"; http_method; content:"/img001.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"43.240.65.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389158/; classtype:trojan-activity;sid:84252258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389142)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.181.70.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389142/; classtype:trojan-activity;sid:84252242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389129)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"61.157.18.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389129/; classtype:trojan-activity;sid:84252229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389120)"; flow:established,from_client; content:"GET"; http_method; content:"/auda"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"safefiles2.oss-cn-beijing.aliyuncs.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389120/; classtype:trojan-activity;sid:84252220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388982)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/ad/old/dll2.txt"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388982/; classtype:trojan-activity;sid:84252082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.173.146.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388953/; classtype:trojan-activity;sid:84252053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.184.144.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388952/; classtype:trojan-activity;sid:84252052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.20.55.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388949/; classtype:trojan-activity;sid:84252049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.165.16.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388950/; classtype:trojan-activity;sid:84252050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388907)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.83.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388907/; classtype:trojan-activity;sid:84252007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388893)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.84.139"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388893/; classtype:trojan-activity;sid:84251993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388899)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"116.15.50.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388899/; classtype:trojan-activity;sid:84251999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388875)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.23.88.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388875/; classtype:trojan-activity;sid:84251975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388876)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.23.88.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388876/; classtype:trojan-activity;sid:84251976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388878)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.89.165"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388878/; classtype:trojan-activity;sid:84251978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388870)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.89.128"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388870/; classtype:trojan-activity;sid:84251970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388873)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.117.75.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388873/; classtype:trojan-activity;sid:84251973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388874)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.89.174"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388874/; classtype:trojan-activity;sid:84251974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388864)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/solara.dir.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"getsolara.dev"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388864/; classtype:trojan-activity;sid:84251964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388863)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"getsolara.dev"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388863/; classtype:trojan-activity;sid:84251963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388861)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/solara.dir.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"getsolara.dev"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388861/; classtype:trojan-activity;sid:84251961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388862)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"getsolara.dev"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388862/; classtype:trojan-activity;sid:84251962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388858)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/solara.dir.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"c0e5b87c.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388858/; classtype:trojan-activity;sid:84251958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388859)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"c0e5b87c.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388859/; classtype:trojan-activity;sid:84251959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388781)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.180.2.38"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388781/; classtype:trojan-activity;sid:84251881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388777)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrapper.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"01fa443f.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388777/; classtype:trojan-activity;sid:84251877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388760)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"api.accueil-coinbase.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388760/; classtype:trojan-activity;sid:84251860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388761)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"cranky-nash.91-202-233-151.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388761/; classtype:trojan-activity;sid:84251861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388763)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"rappel-coinbase.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388763/; classtype:trojan-activity;sid:84251863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388764)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"api.rappel-coinbase.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388764/; classtype:trojan-activity;sid:84251864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388765)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"api.aide-coinbase.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388765/; classtype:trojan-activity;sid:84251865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388768)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91-202-233-151.plesk.page"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388768/; classtype:trojan-activity;sid:84251868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388770)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"eager-haslett.91-202-233-151.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388770/; classtype:trojan-activity;sid:84251870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388771)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"modest-sinoussi.91-202-233-151.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388771/; classtype:trojan-activity;sid:84251871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388772)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"api.information-binance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388772/; classtype:trojan-activity;sid:84251872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388754)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.202.233.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388754/; classtype:trojan-activity;sid:84251854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388541)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"traefik-dashboard.val.io.vn"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388541/; classtype:trojan-activity;sid:84251641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388529)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"traefik-dashboard.val.io.vn"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388529/; classtype:trojan-activity;sid:84251629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388175)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.45.99.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388175/; classtype:trojan-activity;sid:84251275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.255.83.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387842/; classtype:trojan-activity;sid:84250942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387816)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.201.247.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387816/; classtype:trojan-activity;sid:84250916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387817)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.108.145.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387817/; classtype:trojan-activity;sid:84250917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387818)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.134.58.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387818/; classtype:trojan-activity;sid:84250918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387819)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"58.87.94.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387819/; classtype:trojan-activity;sid:84250919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387824)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.102.218.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387824/; classtype:trojan-activity;sid:84250924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387830)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.140.239.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387830/; classtype:trojan-activity;sid:84250930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.153.57.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387805/; classtype:trojan-activity;sid:84250905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387806/; classtype:trojan-activity;sid:84250906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.171.240.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387797/; classtype:trojan-activity;sid:84250897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.20.55.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387782/; classtype:trojan-activity;sid:84250882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.179.179.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387785/; classtype:trojan-activity;sid:84250885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.20.55.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387787/; classtype:trojan-activity;sid:84250887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.20.55.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387788/; classtype:trojan-activity;sid:84250888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.20.55.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387790/; classtype:trojan-activity;sid:84250890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.211.215.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387792/; classtype:trojan-activity;sid:84250892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.220.229.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387777/; classtype:trojan-activity;sid:84250877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.188.82.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387778/; classtype:trojan-activity;sid:84250878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.125.243.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387770/; classtype:trojan-activity;sid:84250870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387744)"; flow:established,from_client; content:"GET"; http_method; content:"/neww"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"newhip.oss-cn-beijing.aliyuncs.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387744/; classtype:trojan-activity;sid:84250844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387720)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/raw/refs/heads/main/prueba.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387720/; classtype:trojan-activity;sid:84250820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387721)"; flow:established,from_client; content:"GET"; http_method; content:"/yusuf216/sshport/raw/refs/heads/main/evetbeta.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387721/; classtype:trojan-activity;sid:84250821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387722)"; flow:established,from_client; content:"GET"; http_method; content:"/yusuf216/sshport/raw/refs/heads/main/benpolatalemdar.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387722/; classtype:trojan-activity;sid:84250822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387723)"; flow:established,from_client; content:"GET"; http_method; content:"/mariolalo/myrec/raw/refs/heads/main/notallowedtocrypt.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387723/; classtype:trojan-activity;sid:84250823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387718)"; flow:established,from_client; content:"GET"; http_method; content:"/itschangat/test/raw/refs/heads/main/server.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387718/; classtype:trojan-activity;sid:84250818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387714)"; flow:established,from_client; content:"GET"; http_method; content:"/thekingzirush/accgena1/raw/refs/heads/main/mcgen.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387714/; classtype:trojan-activity;sid:84250814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387712)"; flow:established,from_client; content:"GET"; http_method; content:"/azurerex/napewnonievoiderhook/raw/main/seksiak.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387712/; classtype:trojan-activity;sid:84250812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387713)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/osiris/raw/refs/heads/main/2klz.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387713/; classtype:trojan-activity;sid:84250813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387707)"; flow:established,from_client; content:"GET"; http_method; content:"/tiraundercode/rev/raw/main/client-built.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387707/; classtype:trojan-activity;sid:84250807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387708)"; flow:established,from_client; content:"GET"; http_method; content:"/rsvgsng/funpark/raw/refs/heads/main/diskutil.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387708/; classtype:trojan-activity;sid:84250808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387710)"; flow:established,from_client; content:"GET"; http_method; content:"/nullspectre/whyareyouhere-/raw/4bed170d797d5d2077bfc312d8badcd3c1dbaa74/test2.exe"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387710/; classtype:trojan-activity;sid:84250810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387711)"; flow:established,from_client; content:"GET"; http_method; content:"/samllea1/gorebox-modmenu/raw/refs/heads/main/gorebox%20modmenu%201.2.0.exe"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387711/; classtype:trojan-activity;sid:84250811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387705)"; flow:established,from_client; content:"GET"; http_method; content:"/waynesson/rocitizens/raw/refs/heads/main/client-built.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387705/; classtype:trojan-activity;sid:84250805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387702)"; flow:established,from_client; content:"GET"; http_method; content:"/yuriksq/papilla/raw/refs/heads/main/jrockekcurje.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387702/; classtype:trojan-activity;sid:84250802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387697)"; flow:established,from_client; content:"GET"; http_method; content:"/intput.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"101.201.227.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387697/; classtype:trojan-activity;sid:84250797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387695)"; flow:established,from_client; content:"GET"; http_method; content:"/rviance/ubiquitous-fortnight/releases/download/toolwin/toolwin.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387695/; classtype:trojan-activity;sid:84250795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387688)"; flow:established,from_client; content:"GET"; http_method; content:"/jackyz777/activebypass/raw/refs/heads/main/systempreter.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387688/; classtype:trojan-activity;sid:84250788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387689)"; flow:established,from_client; content:"GET"; http_method; content:"/darkneonglitch/prooes/raw/refs/heads/main/sync.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387689/; classtype:trojan-activity;sid:84250789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387691)"; flow:established,from_client; content:"GET"; http_method; content:"/kidxnox/image-logger/raw/refs/heads/main/image%20logger.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387691/; classtype:trojan-activity;sid:84250791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386798)"; flow:established,from_client; content:"GET"; http_method; content:"/proceedings-article/55a07147594fae1312e55be4d77971e1/skidmore2008.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.se"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3386798/; classtype:trojan-activity;sid:84249898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386507)"; flow:established,from_client; content:"GET"; http_method; content:"/file-32bit.elf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386507/; classtype:trojan-activity;sid:84249607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386508)"; flow:established,from_client; content:"GET"; http_method; content:"/file.elf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386508/; classtype:trojan-activity;sid:84249608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386509)"; flow:established,from_client; content:"GET"; http_method; content:"/file-arm.elf"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386509/; classtype:trojan-activity;sid:84249609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386510)"; flow:established,from_client; content:"GET"; http_method; content:"/file-64bit.elf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386510/; classtype:trojan-activity;sid:84249610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386292)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.117.90.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386292/; classtype:trojan-activity;sid:84249392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386233)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.125.243.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386233/; classtype:trojan-activity;sid:84249333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386211)"; flow:established,from_client; content:"GET"; http_method; content:"/thekingzirush/accgena1/refs/heads/main/mcgen.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386211/; classtype:trojan-activity;sid:84249311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386210)"; flow:established,from_client; content:"GET"; http_method; content:"/ghost-opbr/test/refs/heads/main/adobepdfreader.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386210/; classtype:trojan-activity;sid:84249310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386208)"; flow:established,from_client; content:"GET"; http_method; content:"/thekingzirush/accgena1/raw/refs/heads/main/mcgen.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386208/; classtype:trojan-activity;sid:84249308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386204)"; flow:established,from_client; content:"GET"; http_method; content:"/denispazin/uploads/refs/heads/main/1735500131.bin"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386204/; classtype:trojan-activity;sid:84249304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386193)"; flow:established,from_client; content:"GET"; http_method; content:"/denispazin/uploads/raw/refs/heads/main/1735500131.bin"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386193/; classtype:trojan-activity;sid:84249293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386147)"; flow:established,from_client; content:"GET"; http_method; content:"/c/j"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386147/; classtype:trojan-activity;sid:84249247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.247.206.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3385746/; classtype:trojan-activity;sid:84248846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.132.14.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385612/; classtype:trojan-activity;sid:84248712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.180.78.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385596/; classtype:trojan-activity;sid:84248696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.208.107.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385582/; classtype:trojan-activity;sid:84248682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.232.133.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385583/; classtype:trojan-activity;sid:84248683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.97.36.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385579/; classtype:trojan-activity;sid:84248679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385528)"; flow:established,from_client; content:"GET"; http_method; content:"/esh4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385528/; classtype:trojan-activity;sid:84248628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385524)"; flow:established,from_client; content:"GET"; http_method; content:"/empsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385524/; classtype:trojan-activity;sid:84248624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385525)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385525/; classtype:trojan-activity;sid:84248625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385526)"; flow:established,from_client; content:"GET"; http_method; content:"/earm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385526/; classtype:trojan-activity;sid:84248626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385527)"; flow:established,from_client; content:"GET"; http_method; content:"/eppc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385527/; classtype:trojan-activity;sid:84248627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385523)"; flow:established,from_client; content:"GET"; http_method; content:"/earm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385523/; classtype:trojan-activity;sid:84248623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385511)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385511/; classtype:trojan-activity;sid:84248611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385512)"; flow:established,from_client; content:"GET"; http_method; content:"/ex86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385512/; classtype:trojan-activity;sid:84248612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385513)"; flow:established,from_client; content:"GET"; http_method; content:"/earc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385513/; classtype:trojan-activity;sid:84248613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385514)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385514/; classtype:trojan-activity;sid:84248614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385515)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385515/; classtype:trojan-activity;sid:84248615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385516)"; flow:established,from_client; content:"GET"; http_method; content:"/emips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385516/; classtype:trojan-activity;sid:84248616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385517)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385517/; classtype:trojan-activity;sid:84248617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385518)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385518/; classtype:trojan-activity;sid:84248618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385519)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385519/; classtype:trojan-activity;sid:84248619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385520)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385520/; classtype:trojan-activity;sid:84248620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385521)"; flow:established,from_client; content:"GET"; http_method; content:"/earm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385521/; classtype:trojan-activity;sid:84248621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385522)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385522/; classtype:trojan-activity;sid:84248622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385493)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.185.103.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385493/; classtype:trojan-activity;sid:84248593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385463)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385463/; classtype:trojan-activity;sid:84248563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385464)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385464/; classtype:trojan-activity;sid:84248564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385450)"; flow:established,from_client; content:"GET"; http_method; content:"/xx.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.199.101.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385450/; classtype:trojan-activity;sid:84248550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385167)"; flow:established,from_client; content:"GET"; http_method; content:"/soft_hair/ultravnc.ini"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"support.clz.kr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385167/; classtype:trojan-activity;sid:84248267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385165)"; flow:established,from_client; content:"GET"; http_method; content:"/net/coc%20coc.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"quanlyphongnet.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385165/; classtype:trojan-activity;sid:84248265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385032)"; flow:established,from_client; content:"GET"; http_method; content:"/5fr5gthkjdg71"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385032/; classtype:trojan-activity;sid:84248132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3384953)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3384953/; classtype:trojan-activity;sid:84248053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3384511)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.180.78.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3384511/; classtype:trojan-activity;sid:84247611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3384037)"; flow:established,from_client; content:"GET"; http_method; content:"/d4rk-v3n0m/test2/refs/heads/main/client.bin"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3384037/; classtype:trojan-activity;sid:84247137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3384038)"; flow:established,from_client; content:"GET"; http_method; content:"/rsvgsng/funpark/refs/heads/main/diskutil.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3384038/; classtype:trojan-activity;sid:84247138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3384039)"; flow:established,from_client; content:"GET"; http_method; content:"/jackyz777/activebypass/refs/heads/main/systempreter.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3384039/; classtype:trojan-activity;sid:84247139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3384025)"; flow:established,from_client; content:"GET"; http_method; content:"/rsvgsng/funpark/raw/refs/heads/main/diskutil.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3384025/; classtype:trojan-activity;sid:84247125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3384021)"; flow:established,from_client; content:"GET"; http_method; content:"/d4rk-v3n0m/test2/raw/refs/heads/main/client.bin"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3384021/; classtype:trojan-activity;sid:84247121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3384007)"; flow:established,from_client; content:"GET"; http_method; content:"/mis/!help_sos.hta"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.29.95.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3384007/; classtype:trojan-activity;sid:84247107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3384002)"; flow:established,from_client; content:"GET"; http_method; content:"/!help_sos.hta"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"202.29.95.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3384002/; classtype:trojan-activity;sid:84247102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3383931)"; flow:established,from_client; content:"GET"; http_method; content:"/aminer.gz"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.62.178.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3383931/; classtype:trojan-activity;sid:84247031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3383929)"; flow:established,from_client; content:"GET"; http_method; content:"/ns1.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"168.62.178.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3383929/; classtype:trojan-activity;sid:84247029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3383927)"; flow:established,from_client; content:"GET"; http_method; content:"/ns3.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"168.62.178.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3383927/; classtype:trojan-activity;sid:84247027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3383926)"; flow:established,from_client; content:"GET"; http_method; content:"/install.tgz"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"168.62.178.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3383926/; classtype:trojan-activity;sid:84247026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3383623)"; flow:established,from_client; content:"GET"; http_method; content:"/1.bat"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"101.37.34.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3383623/; classtype:trojan-activity;sid:84246723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3383447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.70.15.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3383447/; classtype:trojan-activity;sid:84246547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3383428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.15.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3383428/; classtype:trojan-activity;sid:84246528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3383028)"; flow:established,from_client; content:"GET"; http_method; content:"/anydesk.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"avastexodus.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3383028/; classtype:trojan-activity;sid:84246128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3383027)"; flow:established,from_client; content:"GET"; http_method; content:"/anydesk.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"avastcxt.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3383027/; classtype:trojan-activity;sid:84246127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3383026)"; flow:established,from_client; content:"GET"; http_method; content:"/anydesk.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"avastexodus.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3383026/; classtype:trojan-activity;sid:84246126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3383024)"; flow:established,from_client; content:"GET"; http_method; content:"/anydesk.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"avastmetamask.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3383024/; classtype:trojan-activity;sid:84246124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3383025)"; flow:established,from_client; content:"GET"; http_method; content:"/anydesk.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"avastpdq.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3383025/; classtype:trojan-activity;sid:84246125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3383023)"; flow:established,from_client; content:"GET"; http_method; content:"/anydesk.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"avastpdq.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3383023/; classtype:trojan-activity;sid:84246123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3383021)"; flow:established,from_client; content:"GET"; http_method; content:"/anydesk.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"avastcxt.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3383021/; classtype:trojan-activity;sid:84246121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3383022)"; flow:established,from_client; content:"GET"; http_method; content:"/anydesk.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"avastmetamask.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3383022/; classtype:trojan-activity;sid:84246122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3383018)"; flow:established,from_client; content:"GET"; http_method; content:"/avastavv.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avastcxp.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3383018/; classtype:trojan-activity;sid:84246118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3383017)"; flow:established,from_client; content:"GET"; http_method; content:"/avastavv.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avastng.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3383017/; classtype:trojan-activity;sid:84246117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3383016)"; flow:established,from_client; content:"GET"; http_method; content:"/avastavv.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avastng.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3383016/; classtype:trojan-activity;sid:84246116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3383015)"; flow:established,from_client; content:"GET"; http_method; content:"/avastavv.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avastpdr.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3383015/; classtype:trojan-activity;sid:84246115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3382777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.28.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3382777/; classtype:trojan-activity;sid:84245877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3382552)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3382552/; classtype:trojan-activity;sid:84245652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3382532)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3382532/; classtype:trojan-activity;sid:84245632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3382520)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3382520/; classtype:trojan-activity;sid:84245620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3382383)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3382383/; classtype:trojan-activity;sid:84245483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3382115)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.90.142.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3382115/; classtype:trojan-activity;sid:84245215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3382117)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"42.240.133.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3382117/; classtype:trojan-activity;sid:84245217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3382105)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.40.112.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3382105/; classtype:trojan-activity;sid:84245205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3380950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.252.66.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3380950/; classtype:trojan-activity;sid:84244050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3380949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.50.4.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3380949/; classtype:trojan-activity;sid:84244049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3380933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.111.183.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3380933/; classtype:trojan-activity;sid:84244033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3380938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"139.255.30.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3380938/; classtype:trojan-activity;sid:84244038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3380929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.73.64.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3380929/; classtype:trojan-activity;sid:84244029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3380923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.115.40.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3380923/; classtype:trojan-activity;sid:84244023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3380924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.179.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3380924/; classtype:trojan-activity;sid:84244024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3380469)"; flow:established,from_client; content:"GET"; http_method; content:"/33.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.198.49.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3380469/; classtype:trojan-activity;sid:84243569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3380467)"; flow:established,from_client; content:"GET"; http_method; content:"/1.bin"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"154.198.49.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3380467/; classtype:trojan-activity;sid:84243567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3379590)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.233.119.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3379590/; classtype:trojan-activity;sid:84242690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3379564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.35.179.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3379564/; classtype:trojan-activity;sid:84242664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3379553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.35.179.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3379553/; classtype:trojan-activity;sid:84242653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3379473)"; flow:established,from_client; content:"GET"; http_method; content:"/obfdownload/doubleloaderdll.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"185.147.125.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3379473/; classtype:trojan-activity;sid:84242573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3379272)"; flow:established,from_client; content:"GET"; http_method; content:"/tcoin.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3379272/; classtype:trojan-activity;sid:84242372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.116.68.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378993/; classtype:trojan-activity;sid:84242093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.50.4.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378991/; classtype:trojan-activity;sid:84242091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.252.167.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378986/; classtype:trojan-activity;sid:84242086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.180.2.38"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378979/; classtype:trojan-activity;sid:84242079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.147.142.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378982/; classtype:trojan-activity;sid:84242082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.50.4.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378977/; classtype:trojan-activity;sid:84242077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.143.173.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378976/; classtype:trojan-activity;sid:84242076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.107.32.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378975/; classtype:trojan-activity;sid:84242075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.166.18.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378961/; classtype:trojan-activity;sid:84242061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.1.110.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378964/; classtype:trojan-activity;sid:84242064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.114.218.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378965/; classtype:trojan-activity;sid:84242065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.108.227.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378966/; classtype:trojan-activity;sid:84242066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.193.52.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378969/; classtype:trojan-activity;sid:84242069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"159.148.48.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378970/; classtype:trojan-activity;sid:84242070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.171.223.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378971/; classtype:trojan-activity;sid:84242071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.48.132.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378942/; classtype:trojan-activity;sid:84242042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.171.223.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378944/; classtype:trojan-activity;sid:84242044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.177.240.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378952/; classtype:trojan-activity;sid:84242052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.126.186.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378954/; classtype:trojan-activity;sid:84242054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.111.183.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378955/; classtype:trojan-activity;sid:84242055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.197.231.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378956/; classtype:trojan-activity;sid:84242056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.247.15.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378957/; classtype:trojan-activity;sid:84242057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.26.136.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378958/; classtype:trojan-activity;sid:84242058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.43.139.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3378580/; classtype:trojan-activity;sid:84241680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378337)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.50.190.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3378337/; classtype:trojan-activity;sid:84241437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378323)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"83.229.122.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3378323/; classtype:trojan-activity;sid:84241423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378328)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.71.137.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3378328/; classtype:trojan-activity;sid:84241428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378333)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.50.190.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3378333/; classtype:trojan-activity;sid:84241433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378335)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.96.89.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3378335/; classtype:trojan-activity;sid:84241435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378302)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.98.194.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3378302/; classtype:trojan-activity;sid:84241402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378304)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.98.48.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3378304/; classtype:trojan-activity;sid:84241404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378306)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"112.124.71.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3378306/; classtype:trojan-activity;sid:84241406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378311)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.35.228.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3378311/; classtype:trojan-activity;sid:84241411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378018)"; flow:established,from_client; content:"GET"; http_method; content:"/mincln.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3378018/; classtype:trojan-activity;sid:84241118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378016)"; flow:established,from_client; content:"GET"; http_method; content:"/fdiuioijofgrg"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3378016/; classtype:trojan-activity;sid:84241116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377988)"; flow:established,from_client; content:"GET"; http_method; content:"/nvcommander2/allgens/refs/heads/main/msgde.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3377988/; classtype:trojan-activity;sid:84241088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377969)"; flow:established,from_client; content:"GET"; http_method; content:"/win/checking.hta"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"qlqd5zqefmkcr34a.onion.sh"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3377969/; classtype:trojan-activity;sid:84241069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377970)"; flow:established,from_client; content:"GET"; http_method; content:"/htaaa.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mandarin.net.au"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3377970/; classtype:trojan-activity;sid:84241070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377935)"; flow:established,from_client; content:"GET"; http_method; content:"/ryycheats/ezfn-cheats-v2/refs/heads/main/ezfn%20op%20cheats.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3377935/; classtype:trojan-activity;sid:84241035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377594)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.242.12.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_26; reference:url, urlhaus.abuse.ch/url/3377594/; classtype:trojan-activity;sid:84240694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377601)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.198.229.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_26; reference:url, urlhaus.abuse.ch/url/3377601/; classtype:trojan-activity;sid:84240701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377602)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"36.140.28.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_26; reference:url, urlhaus.abuse.ch/url/3377602/; classtype:trojan-activity;sid:84240702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.151.3.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_26; reference:url, urlhaus.abuse.ch/url/3377532/; classtype:trojan-activity;sid:84240632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377351)"; flow:established,from_client; content:"GET"; http_method; content:"/tienda4/musical/refs/heads/main/vncgroups.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_26; reference:url, urlhaus.abuse.ch/url/3377351/; classtype:trojan-activity;sid:84240451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377352)"; flow:established,from_client; content:"GET"; http_method; content:"/tienda4/musical/raw/refs/heads/main/vncgroups.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_26; reference:url, urlhaus.abuse.ch/url/3377352/; classtype:trojan-activity;sid:84240452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3376626)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_26; reference:url, urlhaus.abuse.ch/url/3376626/; classtype:trojan-activity;sid:84239726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3376494)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.tar"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"51.210.148.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_25; reference:url, urlhaus.abuse.ch/url/3376494/; classtype:trojan-activity;sid:84239594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3376473)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.115.40.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_25; reference:url, urlhaus.abuse.ch/url/3376473/; classtype:trojan-activity;sid:84239573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3376397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.228.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_25; reference:url, urlhaus.abuse.ch/url/3376397/; classtype:trojan-activity;sid:84239497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3376380)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_25; reference:url, urlhaus.abuse.ch/url/3376380/; classtype:trojan-activity;sid:84239480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3376370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.228.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_25; reference:url, urlhaus.abuse.ch/url/3376370/; classtype:trojan-activity;sid:84239470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3376329)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_25; reference:url, urlhaus.abuse.ch/url/3376329/; classtype:trojan-activity;sid:84239429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3376093)"; flow:established,from_client; content:"GET"; http_method; content:"/22.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.198.49.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_25; reference:url, urlhaus.abuse.ch/url/3376093/; classtype:trojan-activity;sid:84239193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3375881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.228.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_25; reference:url, urlhaus.abuse.ch/url/3375881/; classtype:trojan-activity;sid:84238981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3374853)"; flow:established,from_client; content:"GET"; http_method; content:"/xmr.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_24; reference:url, urlhaus.abuse.ch/url/3374853/; classtype:trojan-activity;sid:84237953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3374798)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/refs/heads/main/test-loader.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_24; reference:url, urlhaus.abuse.ch/url/3374798/; classtype:trojan-activity;sid:84237898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3374797)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/refs/heads/main/system-loader.bin"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_24; reference:url, urlhaus.abuse.ch/url/3374797/; classtype:trojan-activity;sid:84237897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3374795)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/refs/heads/main/loader.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_24; reference:url, urlhaus.abuse.ch/url/3374795/; classtype:trojan-activity;sid:84237895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3374790)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/refs/heads/main/program-loader.bin"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_24; reference:url, urlhaus.abuse.ch/url/3374790/; classtype:trojan-activity;sid:84237890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3374791)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/refs/heads/main/uesr-loader.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_24; reference:url, urlhaus.abuse.ch/url/3374791/; classtype:trojan-activity;sid:84237891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3374159)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.48.132.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3374159/; classtype:trojan-activity;sid:84237259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373742)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealcy11.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373742/; classtype:trojan-activity;sid:84236842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373743)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/daw21.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373743/; classtype:trojan-activity;sid:84236843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373711)"; flow:established,from_client; content:"GET"; http_method; content:"/phpmyadmin/!help_sos.hta"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.29.95.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373711/; classtype:trojan-activity;sid:84236811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373507)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.143.139.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373507/; classtype:trojan-activity;sid:84236607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373506)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.143.139.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373506/; classtype:trojan-activity;sid:84236606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373494)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"183.171.53.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373494/; classtype:trojan-activity;sid:84236594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373495)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.19.23.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373495/; classtype:trojan-activity;sid:84236595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373502)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"177.23.136.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373502/; classtype:trojan-activity;sid:84236602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373504)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.0.204.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373504/; classtype:trojan-activity;sid:84236604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373486)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.45.15.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373486/; classtype:trojan-activity;sid:84236586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373487)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.45.15.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373487/; classtype:trojan-activity;sid:84236587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373492)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373492/; classtype:trojan-activity;sid:84236592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373351)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.92.254.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373351/; classtype:trojan-activity;sid:84236451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.136.193.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373094/; classtype:trojan-activity;sid:84236194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.112.93.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373091/; classtype:trojan-activity;sid:84236191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.159.154.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373087/; classtype:trojan-activity;sid:84236187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.96.1.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373088/; classtype:trojan-activity;sid:84236188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.68.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373089/; classtype:trojan-activity;sid:84236189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.6.14.187"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373083/; classtype:trojan-activity;sid:84236183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.222.2.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373084/; classtype:trojan-activity;sid:84236184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.84.39.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373071/; classtype:trojan-activity;sid:84236171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.149.71.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373073/; classtype:trojan-activity;sid:84236173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.164.191.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373074/; classtype:trojan-activity;sid:84236174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.236.0.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373075/; classtype:trojan-activity;sid:84236175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.160.109.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373080/; classtype:trojan-activity;sid:84236180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.181.114.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373053/; classtype:trojan-activity;sid:84236153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.43.128.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373055/; classtype:trojan-activity;sid:84236155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.153.52.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373056/; classtype:trojan-activity;sid:84236156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.236.135.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373057/; classtype:trojan-activity;sid:84236157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.34.205.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373058/; classtype:trojan-activity;sid:84236158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.162.140.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373059/; classtype:trojan-activity;sid:84236159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.166.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373061/; classtype:trojan-activity;sid:84236161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.125.133.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373062/; classtype:trojan-activity;sid:84236162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.136.225.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373063/; classtype:trojan-activity;sid:84236163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.136.195.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373064/; classtype:trojan-activity;sid:84236164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"152.231.66.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373065/; classtype:trojan-activity;sid:84236165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.244.113.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373067/; classtype:trojan-activity;sid:84236167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.192.33.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373068/; classtype:trojan-activity;sid:84236168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.179.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373048/; classtype:trojan-activity;sid:84236148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.216.107.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373050/; classtype:trojan-activity;sid:84236150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.13.165.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373042/; classtype:trojan-activity;sid:84236142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.214.196.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373031/; classtype:trojan-activity;sid:84236131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.121.195.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373032/; classtype:trojan-activity;sid:84236132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.53.164.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373036/; classtype:trojan-activity;sid:84236136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.138.68.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373037/; classtype:trojan-activity;sid:84236137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.113.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373040/; classtype:trojan-activity;sid:84236140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"156.200.109.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373016/; classtype:trojan-activity;sid:84236116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.138.107.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373017/; classtype:trojan-activity;sid:84236117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.234.157.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373018/; classtype:trojan-activity;sid:84236118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.57.79.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373020/; classtype:trojan-activity;sid:84236120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.233.59.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373022/; classtype:trojan-activity;sid:84236122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373023/; classtype:trojan-activity;sid:84236123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.101.230.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373025/; classtype:trojan-activity;sid:84236125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.20.27.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373026/; classtype:trojan-activity;sid:84236126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.185.23.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373009/; classtype:trojan-activity;sid:84236109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.89.112.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373011/; classtype:trojan-activity;sid:84236111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.208.52.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373012/; classtype:trojan-activity;sid:84236112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.162.49.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373007/; classtype:trojan-activity;sid:84236107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.160.216.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373005/; classtype:trojan-activity;sid:84236105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.28.209.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373003/; classtype:trojan-activity;sid:84236103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.245.78.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372974/; classtype:trojan-activity;sid:84236074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.211.187.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372975/; classtype:trojan-activity;sid:84236075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.90.15.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372978/; classtype:trojan-activity;sid:84236078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.93.83.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372979/; classtype:trojan-activity;sid:84236079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.218.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372981/; classtype:trojan-activity;sid:84236081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.101.157.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372985/; classtype:trojan-activity;sid:84236085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.158.158.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372986/; classtype:trojan-activity;sid:84236086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.165.170.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372987/; classtype:trojan-activity;sid:84236087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.52.16.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372988/; classtype:trojan-activity;sid:84236088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.15.137.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372989/; classtype:trojan-activity;sid:84236089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.125.133.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372990/; classtype:trojan-activity;sid:84236090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372991/; classtype:trojan-activity;sid:84236091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.43.6.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372994/; classtype:trojan-activity;sid:84236094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.236.133.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372995/; classtype:trojan-activity;sid:84236095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.57.125.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372999/; classtype:trojan-activity;sid:84236099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.43.74.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373000/; classtype:trojan-activity;sid:84236100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.193.143.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372970/; classtype:trojan-activity;sid:84236070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.34.137.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372973/; classtype:trojan-activity;sid:84236073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.85.166.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372968/; classtype:trojan-activity;sid:84236068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.156.154.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372966/; classtype:trojan-activity;sid:84236066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.43.6.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372961/; classtype:trojan-activity;sid:84236061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.37.126.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372962/; classtype:trojan-activity;sid:84236062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"139.255.97.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372964/; classtype:trojan-activity;sid:84236064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.187.151.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372951/; classtype:trojan-activity;sid:84236051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.110.204.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372954/; classtype:trojan-activity;sid:84236054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.177.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372956/; classtype:trojan-activity;sid:84236056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.23.51.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372957/; classtype:trojan-activity;sid:84236057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.180.23.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372959/; classtype:trojan-activity;sid:84236059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.206.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372934/; classtype:trojan-activity;sid:84236034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.205.84.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372936/; classtype:trojan-activity;sid:84236036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.223.44.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372937/; classtype:trojan-activity;sid:84236037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.244.201.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372939/; classtype:trojan-activity;sid:84236039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"173.178.94.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372940/; classtype:trojan-activity;sid:84236040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.12.157.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372941/; classtype:trojan-activity;sid:84236041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.121.33.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372942/; classtype:trojan-activity;sid:84236042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.125.133.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372944/; classtype:trojan-activity;sid:84236044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.218.189.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372945/; classtype:trojan-activity;sid:84236045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.233.125.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372946/; classtype:trojan-activity;sid:84236046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.117.240.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372947/; classtype:trojan-activity;sid:84236047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.81.124.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372948/; classtype:trojan-activity;sid:84236048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.8.81.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372929/; classtype:trojan-activity;sid:84236029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.154.209.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372931/; classtype:trojan-activity;sid:84236031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.23.51.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372932/; classtype:trojan-activity;sid:84236032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.64.128.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372928/; classtype:trojan-activity;sid:84236028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.158.69.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372926/; classtype:trojan-activity;sid:84236026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.6.12.230"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372924/; classtype:trojan-activity;sid:84236024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372905)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.241.74.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372905/; classtype:trojan-activity;sid:84236005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372904)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.241.74.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372904/; classtype:trojan-activity;sid:84236004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372903)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"111.74.21.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372903/; classtype:trojan-activity;sid:84236003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372902)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372902/; classtype:trojan-activity;sid:84236002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372900)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372900/; classtype:trojan-activity;sid:84236000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372901)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"220.180.255.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372901/; classtype:trojan-activity;sid:84236001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372891)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372891/; classtype:trojan-activity;sid:84235991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372892)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372892/; classtype:trojan-activity;sid:84235992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372893)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372893/; classtype:trojan-activity;sid:84235993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372896)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372896/; classtype:trojan-activity;sid:84235996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372898)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372898/; classtype:trojan-activity;sid:84235998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372881)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372881/; classtype:trojan-activity;sid:84235981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372882)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"114.242.26.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372882/; classtype:trojan-activity;sid:84235982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372883)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372883/; classtype:trojan-activity;sid:84235983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372884)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372884/; classtype:trojan-activity;sid:84235984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372885)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372885/; classtype:trojan-activity;sid:84235985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372886)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372886/; classtype:trojan-activity;sid:84235986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372887)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.141.62.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372887/; classtype:trojan-activity;sid:84235987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372888)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.139.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372888/; classtype:trojan-activity;sid:84235988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372890)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372890/; classtype:trojan-activity;sid:84235990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372871)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"206.204.128.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372871/; classtype:trojan-activity;sid:84235971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372874)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.139.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372874/; classtype:trojan-activity;sid:84235974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372876)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372876/; classtype:trojan-activity;sid:84235976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372877)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"114.247.47.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372877/; classtype:trojan-activity;sid:84235977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372878)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372878/; classtype:trojan-activity;sid:84235978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372879)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372879/; classtype:trojan-activity;sid:84235979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372704)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372704/; classtype:trojan-activity;sid:84235804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372705)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372705/; classtype:trojan-activity;sid:84235805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372701)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372701/; classtype:trojan-activity;sid:84235801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372699)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.85.89"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372699/; classtype:trojan-activity;sid:84235799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372693)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.210.92.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372693/; classtype:trojan-activity;sid:84235793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372687)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.20.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372687/; classtype:trojan-activity;sid:84235787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372688)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"133.106.109.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372688/; classtype:trojan-activity;sid:84235788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372684)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372684/; classtype:trojan-activity;sid:84235784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372686)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.140.204.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372686/; classtype:trojan-activity;sid:84235786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372674)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.77.66"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372674/; classtype:trojan-activity;sid:84235774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372677)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372677/; classtype:trojan-activity;sid:84235777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372680)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.66.215"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372680/; classtype:trojan-activity;sid:84235780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372670)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.96.121"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372670/; classtype:trojan-activity;sid:84235770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372671)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372671/; classtype:trojan-activity;sid:84235771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372672)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.165.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372672/; classtype:trojan-activity;sid:84235772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372657)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.190"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372657/; classtype:trojan-activity;sid:84235757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372658)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.216"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372658/; classtype:trojan-activity;sid:84235758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372661)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.210.95.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372661/; classtype:trojan-activity;sid:84235761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372662)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372662/; classtype:trojan-activity;sid:84235762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372664)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372664/; classtype:trojan-activity;sid:84235764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372655)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.140.204.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372655/; classtype:trojan-activity;sid:84235755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372654)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372654/; classtype:trojan-activity;sid:84235754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372651)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372651/; classtype:trojan-activity;sid:84235751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372650)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.88.48.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372650/; classtype:trojan-activity;sid:84235750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372646)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.210.103.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372646/; classtype:trojan-activity;sid:84235746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372625)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.189"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372625/; classtype:trojan-activity;sid:84235725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372627)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.115"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372627/; classtype:trojan-activity;sid:84235727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372630)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.215"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372630/; classtype:trojan-activity;sid:84235730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372631)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.188"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372631/; classtype:trojan-activity;sid:84235731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372635)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.215.129.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372635/; classtype:trojan-activity;sid:84235735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372636)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.28.177.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372636/; classtype:trojan-activity;sid:84235736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372637)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.40.60.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372637/; classtype:trojan-activity;sid:84235737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372639)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372639/; classtype:trojan-activity;sid:84235739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372642)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.28.177.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372642/; classtype:trojan-activity;sid:84235742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372617)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372617/; classtype:trojan-activity;sid:84235717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372620)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.140.204.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372620/; classtype:trojan-activity;sid:84235720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372622)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.140.204.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372622/; classtype:trojan-activity;sid:84235722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372615)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372615/; classtype:trojan-activity;sid:84235715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372588)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.40.55.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372588/; classtype:trojan-activity;sid:84235688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372590)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.76.249.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372590/; classtype:trojan-activity;sid:84235690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372497)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"89.213.158.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372497/; classtype:trojan-activity;sid:84235597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372498)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.213.158.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372498/; classtype:trojan-activity;sid:84235598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372499)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"89.213.158.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372499/; classtype:trojan-activity;sid:84235599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372500)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.213.158.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372500/; classtype:trojan-activity;sid:84235600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372495)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.213.158.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372495/; classtype:trojan-activity;sid:84235595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372493)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.213.158.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372493/; classtype:trojan-activity;sid:84235593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372485)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.213.158.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372485/; classtype:trojan-activity;sid:84235585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372486)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"89.213.158.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372486/; classtype:trojan-activity;sid:84235586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372487)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"89.213.158.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372487/; classtype:trojan-activity;sid:84235587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372488)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.213.158.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372488/; classtype:trojan-activity;sid:84235588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372489)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"89.213.158.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372489/; classtype:trojan-activity;sid:84235589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372490)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"89.213.158.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372490/; classtype:trojan-activity;sid:84235590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372491)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"89.213.158.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372491/; classtype:trojan-activity;sid:84235591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372492)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.213.158.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372492/; classtype:trojan-activity;sid:84235592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372123)"; flow:established,from_client; content:"GET"; http_method; content:"/112.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.249.172.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372123/; classtype:trojan-activity;sid:84235223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371353)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.213.158.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371353/; classtype:trojan-activity;sid:84234453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371018)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.88.242.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371018/; classtype:trojan-activity;sid:84234118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.208.201.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370213/; classtype:trojan-activity;sid:84233313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.155.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366873/; classtype:trojan-activity;sid:84229973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.11.38"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366807/; classtype:trojan-activity;sid:84229907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.11.38"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366803/; classtype:trojan-activity;sid:84229903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366735)"; flow:established,from_client; content:"GET"; http_method; content:"/metamail1/shll/refs/heads/main/kk.bin"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366735/; classtype:trojan-activity;sid:84229835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366734)"; flow:established,from_client; content:"GET"; http_method; content:"/metamail1/shll/raw/refs/heads/main/kk.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366734/; classtype:trojan-activity;sid:84229834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366720)"; flow:established,from_client; content:"GET"; http_method; content:"/nullspectre/whyareyouhere-/4bed170d797d5d2077bfc312d8badcd3c1dbaa74/test2.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366720/; classtype:trojan-activity;sid:84229820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366699)"; flow:established,from_client; content:"GET"; http_method; content:"/darkneonglitch/prooes/refs/heads/main/syncing.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366699/; classtype:trojan-activity;sid:84229799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366684)"; flow:established,from_client; content:"GET"; http_method; content:"/nullspectre/whyareyouhere-/raw/4bed170d797d5d2077bfc312d8badcd3c1dbaa74/test2.exe"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366684/; classtype:trojan-activity;sid:84229784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.109.209.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366274/; classtype:trojan-activity;sid:84229374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.87.31.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366263/; classtype:trojan-activity;sid:84229363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.185.226.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366266/; classtype:trojan-activity;sid:84229366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.73.75.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366262/; classtype:trojan-activity;sid:84229362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.254.186.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366247/; classtype:trojan-activity;sid:84229347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.220.214.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366250/; classtype:trojan-activity;sid:84229350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.77.202.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366242/; classtype:trojan-activity;sid:84229342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.208.201.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366062/; classtype:trojan-activity;sid:84229162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357645)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fo/imqvfo7ednyj6s2r7c9mi/adkapou7kdhwuotkkuqv_wi|3f|rlkey=e3gjg0fqsaqgiba3og4xydu9d|7c|26|7c|e=1|7c|26|7c|st=2vbjb92c|7c|26|7c|dl=0"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357645/; classtype:trojan-activity;sid:84220745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357506)"; flow:established,from_client; content:"GET"; http_method; content:"/yadexf1/yadex/refs/heads/main/dlhost.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357506/; classtype:trojan-activity;sid:84220606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357501)"; flow:established,from_client; content:"GET"; http_method; content:"/yadexf1/yadex/raw/refs/heads/main/dlhost.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357501/; classtype:trojan-activity;sid:84220601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.21.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356934/; classtype:trojan-activity;sid:84220034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356914)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.126.51.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356914/; classtype:trojan-activity;sid:84220014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356912)"; flow:established,from_client; content:"GET"; http_method; content:"/ef/ef.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.tdejb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356912/; classtype:trojan-activity;sid:84220012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356911)"; flow:established,from_client; content:"GET"; http_method; content:"/ef/skifterne.sea"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.tdejb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356911/; classtype:trojan-activity;sid:84220011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356804)"; flow:established,from_client; content:"GET"; http_method; content:"/c3pool/xmrig.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"c3poolbat.oss-accelerate.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356804/; classtype:trojan-activity;sid:84219904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356779)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/231dd3bd495a42b6a479fb7f210ba69b.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356779/; classtype:trojan-activity;sid:84219879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356778)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/231dd3bd495a42b6a479fb7f210ba69b.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356778/; classtype:trojan-activity;sid:84219878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356777)"; flow:established,from_client; content:"GET"; http_method; content:"/installer.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sister-1324943887.cos.ap-guangzhou.myqcloud.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356777/; classtype:trojan-activity;sid:84219877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356776)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/090cc5c1a5dc444dbeb0099f36f74657.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356776/; classtype:trojan-activity;sid:84219876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356775)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/5142a417d128494b9a9d67961121e943.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356775/; classtype:trojan-activity;sid:84219875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356772)"; flow:established,from_client; content:"GET"; http_method; content:"/dark_autre_ncrypt.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356772/; classtype:trojan-activity;sid:84219872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356773)"; flow:established,from_client; content:"GET"; http_method; content:"/in/1229.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356773/; classtype:trojan-activity;sid:84219873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356774)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/5142a417d128494b9a9d67961121e943.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356774/; classtype:trojan-activity;sid:84219874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356762)"; flow:established,from_client; content:"GET"; http_method; content:"/in/2041.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356762/; classtype:trojan-activity;sid:84219862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356765)"; flow:established,from_client; content:"GET"; http_method; content:"/in/d204.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356765/; classtype:trojan-activity;sid:84219865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356767)"; flow:established,from_client; content:"GET"; http_method; content:"/store_app/guardservice.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sgz-1302338321.cos.ap-guangzhou.myqcloud.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356767/; classtype:trojan-activity;sid:84219867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356768)"; flow:established,from_client; content:"GET"; http_method; content:"/futon"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"weco2.oss-me-east-1.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356768/; classtype:trojan-activity;sid:84219868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356769)"; flow:established,from_client; content:"GET"; http_method; content:"/qq%e5%8d%8e%e5%a4%8f%e6%9b%b4%e6%96%b0%e6%96%87%e4%bb%b6/%e8%87%aa%e5%8a%a8%e6%9b%b4%e6%96%b0%e8%be%85%e5%8a%a9%e7%a8%8b%e5%ba%8f.exe"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"kuakuawenjian.oss-cn-hangzhou.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356769/; classtype:trojan-activity;sid:84219869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356770)"; flow:established,from_client; content:"GET"; http_method; content:"/dark_brout_ncrypt.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356770/; classtype:trojan-activity;sid:84219870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356771)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/b0b34b3375b144c680a0456ffdd639a0.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356771/; classtype:trojan-activity;sid:84219871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356760)"; flow:established,from_client; content:"GET"; http_method; content:"/pack_autre_ncrypt.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356760/; classtype:trojan-activity;sid:84219860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356761)"; flow:established,from_client; content:"GET"; http_method; content:"/smiple_4yue"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"weco2.oss-me-east-1.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356761/; classtype:trojan-activity;sid:84219861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356755)"; flow:established,from_client; content:"GET"; http_method; content:"/test_kbnt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"weco.oss-eu-central-1.aliyuncs.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356755/; classtype:trojan-activity;sid:84219855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356748)"; flow:established,from_client; content:"GET"; http_method; content:"/test_kbnt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"weco.oss-eu-central-1.aliyuncs.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356748/; classtype:trojan-activity;sid:84219848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356749)"; flow:established,from_client; content:"GET"; http_method; content:"/b6fab9a8-3dab-4bf8-a2cb-b955b0c00ce8-11f44531fb088d31307d87b01e8eabff.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"files-ld.s3.us-east-2.amazonaws.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356749/; classtype:trojan-activity;sid:84219849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356751)"; flow:established,from_client; content:"GET"; http_method; content:"/simple"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"weco.oss-eu-central-1.aliyuncs.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356751/; classtype:trojan-activity;sid:84219851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356732)"; flow:established,from_client; content:"GET"; http_method; content:"/worldwindclient.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356732/; classtype:trojan-activity;sid:84219832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356733)"; flow:established,from_client; content:"GET"; http_method; content:"/dyno-ai.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356733/; classtype:trojan-activity;sid:84219833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356723)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/kscan_windows_amd64.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356723/; classtype:trojan-activity;sid:84219823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356722)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/kscan_windows_arm64.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356722/; classtype:trojan-activity;sid:84219822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356721)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/fscan.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356721/; classtype:trojan-activity;sid:84219821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356720)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/mimikatz.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356720/; classtype:trojan-activity;sid:84219820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356719)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/winpeasx64.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356719/; classtype:trojan-activity;sid:84219819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356718)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/browserghost.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356718/; classtype:trojan-activity;sid:84219818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356717)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/realblindingedr.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356717/; classtype:trojan-activity;sid:84219817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356714)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/sigmapotato.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356714/; classtype:trojan-activity;sid:84219814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356715)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/sigmapotatocore.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356715/; classtype:trojan-activity;sid:84219815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356716)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/refs/heads/main/jignesh.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356716/; classtype:trojan-activity;sid:84219816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356713)"; flow:established,from_client; content:"GET"; http_method; content:"/cctv-security/rev/raw/main/client-built.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356713/; classtype:trojan-activity;sid:84219813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356705)"; flow:established,from_client; content:"GET"; http_method; content:"/mariolalo/myrec/refs/heads/main/notallowedtocrypt.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356705/; classtype:trojan-activity;sid:84219805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356581)"; flow:established,from_client; content:"GET"; http_method; content:"/270/audi.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bruplong.oss-accelerate.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356581/; classtype:trojan-activity;sid:84219681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356572)"; flow:established,from_client; content:"GET"; http_method; content:"/sfyklight/vb-kaspersky-undetectedtable-crypter/raw/refs/heads/main/vb.net%20crypter%20v2.exe"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356572/; classtype:trojan-activity;sid:84219672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356471)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a17rrr1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356471/; classtype:trojan-activity;sid:84219571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356463)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a12xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356463/; classtype:trojan-activity;sid:84219563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356464)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a19ccc1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356464/; classtype:trojan-activity;sid:84219564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356465)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a23uuu1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356465/; classtype:trojan-activity;sid:84219565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356466)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a16eea1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356466/; classtype:trojan-activity;sid:84219566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356467)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a15aaa1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356467/; classtype:trojan-activity;sid:84219567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356468)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a18qqq1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356468/; classtype:trojan-activity;sid:84219568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356469)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a26bbb1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356469/; classtype:trojan-activity;sid:84219569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356470)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a11xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356470/; classtype:trojan-activity;sid:84219570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356458)"; flow:established,from_client; content:"GET"; http_method; content:"/xm.ocx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a16eea1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356458/; classtype:trojan-activity;sid:84219558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356459)"; flow:established,from_client; content:"GET"; http_method; content:"/xm.ocx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a15aaa1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356459/; classtype:trojan-activity;sid:84219559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356460)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a16eea1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356460/; classtype:trojan-activity;sid:84219560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356461)"; flow:established,from_client; content:"GET"; http_method; content:"/xm.ocx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a11xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356461/; classtype:trojan-activity;sid:84219561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356462)"; flow:established,from_client; content:"GET"; http_method; content:"/xm.ocx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a18qqq1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356462/; classtype:trojan-activity;sid:84219562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356457)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a11xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356457/; classtype:trojan-activity;sid:84219557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356455)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a17rrr1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356455/; classtype:trojan-activity;sid:84219555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356456)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a26bbb1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356456/; classtype:trojan-activity;sid:84219556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356453)"; flow:established,from_client; content:"GET"; http_method; content:"/xm.ocx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a26bbb1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356453/; classtype:trojan-activity;sid:84219553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356454)"; flow:established,from_client; content:"GET"; http_method; content:"/xm.ocx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a12xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356454/; classtype:trojan-activity;sid:84219554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356450)"; flow:established,from_client; content:"GET"; http_method; content:"/xm.ocx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a23uuu1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356450/; classtype:trojan-activity;sid:84219550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356451)"; flow:established,from_client; content:"GET"; http_method; content:"/xm.ocx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a19ccc1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356451/; classtype:trojan-activity;sid:84219551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356452)"; flow:established,from_client; content:"GET"; http_method; content:"/xm.ocx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a17rrr1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356452/; classtype:trojan-activity;sid:84219552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356449)"; flow:established,from_client; content:"GET"; http_method; content:"/k360.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a16eea1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356449/; classtype:trojan-activity;sid:84219549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356447)"; flow:established,from_client; content:"GET"; http_method; content:"/k360.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a12xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356447/; classtype:trojan-activity;sid:84219547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356448)"; flow:established,from_client; content:"GET"; http_method; content:"/k360.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a11xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356448/; classtype:trojan-activity;sid:84219548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356441)"; flow:established,from_client; content:"GET"; http_method; content:"/k360.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a17rrr1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356441/; classtype:trojan-activity;sid:84219541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356442)"; flow:established,from_client; content:"GET"; http_method; content:"/k360.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a23uuu1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356442/; classtype:trojan-activity;sid:84219542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356443)"; flow:established,from_client; content:"GET"; http_method; content:"/k360.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a18qqq1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356443/; classtype:trojan-activity;sid:84219543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356444)"; flow:established,from_client; content:"GET"; http_method; content:"/k360.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a26bbb1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356444/; classtype:trojan-activity;sid:84219544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356446)"; flow:established,from_client; content:"GET"; http_method; content:"/k360.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a19ccc1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356446/; classtype:trojan-activity;sid:84219546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356181)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/refs/heads/main/runtimebroker.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356181/; classtype:trojan-activity;sid:84219281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356174)"; flow:established,from_client; content:"GET"; http_method; content:"/zls2024/not-download/refs/heads/main/discord.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356174/; classtype:trojan-activity;sid:84219274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356175)"; flow:established,from_client; content:"GET"; http_method; content:"/skibidisigmer/fncleanerv2/refs/heads/main/cleanerv2.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356175/; classtype:trojan-activity;sid:84219275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356176)"; flow:established,from_client; content:"GET"; http_method; content:"/nakuss/dwdwadwa/refs/heads/main/client-built.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356176/; classtype:trojan-activity;sid:84219276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356177)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/refs/heads/main/client-built.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356177/; classtype:trojan-activity;sid:84219277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356178)"; flow:established,from_client; content:"GET"; http_method; content:"/bormasina/test/refs/heads/main/defender64.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356178/; classtype:trojan-activity;sid:84219278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356179)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/refs/heads/main/1434orz.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356179/; classtype:trojan-activity;sid:84219279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356180)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/refs/heads/main/client-built.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356180/; classtype:trojan-activity;sid:84219280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356165)"; flow:established,from_client; content:"GET"; http_method; content:"/tpinauskas/anticheat/refs/heads/main/amogus.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356165/; classtype:trojan-activity;sid:84219265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356166)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/discord/refs/heads/main/client-built.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356166/; classtype:trojan-activity;sid:84219266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356167)"; flow:established,from_client; content:"GET"; http_method; content:"/imaeewy/about-me/refs/heads/main/client-built.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356167/; classtype:trojan-activity;sid:84219267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356168)"; flow:established,from_client; content:"GET"; http_method; content:"/blazedbottle/rat/refs/heads/main/client-built.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356168/; classtype:trojan-activity;sid:84219268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356169)"; flow:established,from_client; content:"GET"; http_method; content:"/biseo0/neue/refs/heads/main/client-built.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356169/; classtype:trojan-activity;sid:84219269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356170)"; flow:established,from_client; content:"GET"; http_method; content:"/earthsetup/firtshopacc/refs/heads/main/registry.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356170/; classtype:trojan-activity;sid:84219270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356171)"; flow:established,from_client; content:"GET"; http_method; content:"/kees5462/this-is-a-roblox-external-cheat-best-one-out-there/refs/heads/main/java.exe"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356171/; classtype:trojan-activity;sid:84219271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356172)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/refs/heads/main/sgvp%20client%20program.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356172/; classtype:trojan-activity;sid:84219272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356173)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/refs/heads/main/kys.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356173/; classtype:trojan-activity;sid:84219273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356162)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/refs/heads/main/critscript.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356162/; classtype:trojan-activity;sid:84219262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356163)"; flow:established,from_client; content:"GET"; http_method; content:"/tezx11/imgui/refs/heads/main/example_win32_dx11.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356163/; classtype:trojan-activity;sid:84219263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356160)"; flow:established,from_client; content:"GET"; http_method; content:"/earthsetup/firtshopacc/refs/heads/main/runtime%20broker.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356160/; classtype:trojan-activity;sid:84219260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356161)"; flow:established,from_client; content:"GET"; http_method; content:"/cctv-security/rev/refs/heads/main/client-built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356161/; classtype:trojan-activity;sid:84219261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356158)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/refs/heads/main/executablelol.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356158/; classtype:trojan-activity;sid:84219258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356159)"; flow:established,from_client; content:"GET"; http_method; content:"/xerussploit/spectrum/refs/heads/main/spectrum.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356159/; classtype:trojan-activity;sid:84219259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356157)"; flow:established,from_client; content:"GET"; http_method; content:"/nakuss/erth/refs/heads/main/wenzcord.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356157/; classtype:trojan-activity;sid:84219257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356156)"; flow:established,from_client; content:"GET"; http_method; content:"/eliasgay23/123/refs/heads/main/svhost.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356156/; classtype:trojan-activity;sid:84219256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356145)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/refs/heads/main/fast%20download.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356145/; classtype:trojan-activity;sid:84219245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356146)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/refs/heads/main/sentil.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356146/; classtype:trojan-activity;sid:84219246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356147)"; flow:established,from_client; content:"GET"; http_method; content:"/raz233/rgdgdrg/refs/heads/main/client.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356147/; classtype:trojan-activity;sid:84219247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356148)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedk97/xwqd21waddqwdv/refs/heads/main/server.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356148/; classtype:trojan-activity;sid:84219248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356149)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/refs/heads/main/newest.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356149/; classtype:trojan-activity;sid:84219249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356150)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/refs/heads/main/cnct.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356150/; classtype:trojan-activity;sid:84219250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356151)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/refs/heads/main/skibidi.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356151/; classtype:trojan-activity;sid:84219251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356153)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/refs/heads/main/vanilla.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356153/; classtype:trojan-activity;sid:84219253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356137)"; flow:established,from_client; content:"GET"; http_method; content:"/sleepysnz/skibidi/refs/heads/main/client-built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356137/; classtype:trojan-activity;sid:84219237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356138)"; flow:established,from_client; content:"GET"; http_method; content:"/imaeewy/about-me/refs/heads/main/installer.exe.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356138/; classtype:trojan-activity;sid:84219238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356139)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/refs/heads/main/lmao.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356139/; classtype:trojan-activity;sid:84219239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356140)"; flow:established,from_client; content:"GET"; http_method; content:"/xcocgt/priv1/refs/heads/main/testme.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356140/; classtype:trojan-activity;sid:84219240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356141)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/refs/heads/main/negarque.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356141/; classtype:trojan-activity;sid:84219241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356142)"; flow:established,from_client; content:"GET"; http_method; content:"/unix-cmd/dev/refs/heads/main/installer.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356142/; classtype:trojan-activity;sid:84219242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356143)"; flow:established,from_client; content:"GET"; http_method; content:"/cctv-security/rev/main/client-built.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356143/; classtype:trojan-activity;sid:84219243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356135)"; flow:established,from_client; content:"GET"; http_method; content:"/monkey958/sdasd/refs/heads/main/856.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356135/; classtype:trojan-activity;sid:84219235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356136)"; flow:established,from_client; content:"GET"; http_method; content:"/tezx11/imgui/refs/heads/main/runtimebroker.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356136/; classtype:trojan-activity;sid:84219236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356134)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0xylife/asyncrat/refs/heads/main/asyncrat_09.02.2022.txt"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356134/; classtype:trojan-activity;sid:84219234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356133)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/refs/heads/main/444.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356133/; classtype:trojan-activity;sid:84219233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356132)"; flow:established,from_client; content:"GET"; http_method; content:"/impar0/tryyy/refs/heads/main/client.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356132/; classtype:trojan-activity;sid:84219232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356126)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/refs/heads/main/joiner.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356126/; classtype:trojan-activity;sid:84219226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356127)"; flow:established,from_client; content:"GET"; http_method; content:"/krevedko3221/porno/refs/heads/main/mos%20ssssttttt.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356127/; classtype:trojan-activity;sid:84219227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356128)"; flow:established,from_client; content:"GET"; http_method; content:"/h4ck3dv0d4/terminal-test/refs/heads/main/terminal_9235.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356128/; classtype:trojan-activity;sid:84219228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356129)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/refs/heads/main/server1.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356129/; classtype:trojan-activity;sid:84219229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356130)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/refs/heads/main/startup.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356130/; classtype:trojan-activity;sid:84219230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356131)"; flow:established,from_client; content:"GET"; http_method; content:"/xcocgt/priv1/refs/heads/main/microsoft_hardware_launch.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356131/; classtype:trojan-activity;sid:84219231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356121)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/refs/heads/main/bloxflip%20predictor.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356121/; classtype:trojan-activity;sid:84219221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356122)"; flow:established,from_client; content:"GET"; http_method; content:"/nxrecxxil/syndicate/refs/heads/main/main.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356122/; classtype:trojan-activity;sid:84219222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356124)"; flow:established,from_client; content:"GET"; http_method; content:"/paketpk/trojan/refs/heads/main/njsilent.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356124/; classtype:trojan-activity;sid:84219224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356125)"; flow:established,from_client; content:"GET"; http_method; content:"/babskai/vir-s/refs/heads/main/aaa%20(3).exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356125/; classtype:trojan-activity;sid:84219225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356117)"; flow:established,from_client; content:"GET"; http_method; content:"/toxicxz/fnaf-1/refs/heads/main/fusca%20game.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356117/; classtype:trojan-activity;sid:84219217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356118)"; flow:established,from_client; content:"GET"; http_method; content:"/deroxs/powerrat-leak/refs/heads/main/powerrat.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356118/; classtype:trojan-activity;sid:84219218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356119)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/refs/heads/main/lastest.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356119/; classtype:trojan-activity;sid:84219219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356112)"; flow:established,from_client; content:"GET"; http_method; content:"/krishnatherock9673/krishna22/refs/heads/main/krishna33.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356112/; classtype:trojan-activity;sid:84219212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356113)"; flow:established,from_client; content:"GET"; http_method; content:"/itschangat/test/refs/heads/main/system.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356113/; classtype:trojan-activity;sid:84219213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356114)"; flow:established,from_client; content:"GET"; http_method; content:"/orospuccocugu/aaaaaa/refs/heads/main/enai2.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356114/; classtype:trojan-activity;sid:84219214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356115)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/refs/heads/main/discord2.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356115/; classtype:trojan-activity;sid:84219215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.150.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356043/; classtype:trojan-activity;sid:84219143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"172.73.72.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354003/; classtype:trojan-activity;sid:84217103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353992)"; flow:established,from_client; content:"GET"; http_method; content:"/download/gold.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"193.143.1.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353992/; classtype:trojan-activity;sid:84217092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353991)"; flow:established,from_client; content:"GET"; http_method; content:"/download/av.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.143.1.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353991/; classtype:trojan-activity;sid:84217091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.127.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353968/; classtype:trojan-activity;sid:84217068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353959)"; flow:established,from_client; content:"GET"; http_method; content:"/cavxsy/crazy.spoofer/raw/refs/heads/main/loader.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353959/; classtype:trojan-activity;sid:84217059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353957)"; flow:established,from_client; content:"GET"; http_method; content:"/rookievip/xx/main/loader.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353957/; classtype:trojan-activity;sid:84217057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353867)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353867/; classtype:trojan-activity;sid:84216967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353868)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353868/; classtype:trojan-activity;sid:84216968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353632)"; flow:established,from_client; content:"GET"; http_method; content:"/0210/v"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353632/; classtype:trojan-activity;sid:84216732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353609)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/qq0nddljve5fbkxrgqqa.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353609/; classtype:trojan-activity;sid:84216709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353610)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/ijpigioclbcwbidbk0sr.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353610/; classtype:trojan-activity;sid:84216710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353603)"; flow:established,from_client; content:"GET"; http_method; content:"/1109/s"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353603/; classtype:trojan-activity;sid:84216703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353607)"; flow:established,from_client; content:"GET"; http_method; content:"/d/s44"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353607/; classtype:trojan-activity;sid:84216707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353598)"; flow:established,from_client; content:"GET"; http_method; content:"/2009/v"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353598/; classtype:trojan-activity;sid:84216698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353599)"; flow:established,from_client; content:"GET"; http_method; content:"/0911/r"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353599/; classtype:trojan-activity;sid:84216699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353588)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/file"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353588/; classtype:trojan-activity;sid:84216688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353589)"; flow:established,from_client; content:"GET"; http_method; content:"/2509/r"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353589/; classtype:trojan-activity;sid:84216689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353590)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/b15xm0jm9zzmzcn8y57g.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353590/; classtype:trojan-activity;sid:84216690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353578)"; flow:established,from_client; content:"GET"; http_method; content:"/1211/file"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353578/; classtype:trojan-activity;sid:84216678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353581)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/r"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353581/; classtype:trojan-activity;sid:84216681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353570)"; flow:established,from_client; content:"GET"; http_method; content:"/2509/s"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353570/; classtype:trojan-activity;sid:84216670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353566)"; flow:established,from_client; content:"GET"; http_method; content:"/0911/file"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353566/; classtype:trojan-activity;sid:84216666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353557)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/hmv3stflgux49v1bfdvw.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353557/; classtype:trojan-activity;sid:84216657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353553)"; flow:established,from_client; content:"GET"; http_method; content:"/1211/4o9eihfoasgaxbfkfd5h.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353553/; classtype:trojan-activity;sid:84216653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353554)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/2srkxnyhdkvfkznjfsvx.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353554/; classtype:trojan-activity;sid:84216654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353556)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/s"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353556/; classtype:trojan-activity;sid:84216656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353540)"; flow:established,from_client; content:"GET"; http_method; content:"/0210/r"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353540/; classtype:trojan-activity;sid:84216640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353541)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/r"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353541/; classtype:trojan-activity;sid:84216641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353543)"; flow:established,from_client; content:"GET"; http_method; content:"/0210/s"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353543/; classtype:trojan-activity;sid:84216643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353544)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/file"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353544/; classtype:trojan-activity;sid:84216644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353538)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/s"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353538/; classtype:trojan-activity;sid:84216638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353539)"; flow:established,from_client; content:"GET"; http_method; content:"/0210/file"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353539/; classtype:trojan-activity;sid:84216639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353415)"; flow:established,from_client; content:"GET"; http_method; content:"/yusuf216/sshport/refs/heads/main/benpolatalemdar.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353415/; classtype:trojan-activity;sid:84216515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353408)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/refs/heads/main/discord.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353408/; classtype:trojan-activity;sid:84216508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353409)"; flow:established,from_client; content:"GET"; http_method; content:"/azurerex/napewnonievoiderhook/refs/heads/main/seksiak.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353409/; classtype:trojan-activity;sid:84216509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353410)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/refs/heads/main/injector.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353410/; classtype:trojan-activity;sid:84216510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353411)"; flow:established,from_client; content:"GET"; http_method; content:"/therealastro666/lolz/refs/heads/main/built.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353411/; classtype:trojan-activity;sid:84216511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353412)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/refs/heads/main/client-built.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353412/; classtype:trojan-activity;sid:84216512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353405)"; flow:established,from_client; content:"GET"; http_method; content:"/luisphantom/vemom/refs/heads/main/svhost.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353405/; classtype:trojan-activity;sid:84216505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353406)"; flow:established,from_client; content:"GET"; http_method; content:"/luisphantom/vemom/refs/heads/main/mmo%201.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353406/; classtype:trojan-activity;sid:84216506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353407)"; flow:established,from_client; content:"GET"; http_method; content:"/faokun1/aaa/refs/heads/main/client-built.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353407/; classtype:trojan-activity;sid:84216507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353404)"; flow:established,from_client; content:"GET"; http_method; content:"/rimase12/urika/refs/heads/main/perviy.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353404/; classtype:trojan-activity;sid:84216504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353403)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/refs/heads/main/prueba.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353403/; classtype:trojan-activity;sid:84216503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353401)"; flow:established,from_client; content:"GET"; http_method; content:"/692-ez/ratta/refs/heads/main/com%20surrogate.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353401/; classtype:trojan-activity;sid:84216501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353402)"; flow:established,from_client; content:"GET"; http_method; content:"/iamgelogger233/imagelogger/refs/heads/main/imagelogger.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353402/; classtype:trojan-activity;sid:84216502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353397)"; flow:established,from_client; content:"GET"; http_method; content:"/lohoainam/-at/refs/heads/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353397/; classtype:trojan-activity;sid:84216497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353398)"; flow:established,from_client; content:"GET"; http_method; content:"/rimase12/urika/refs/heads/main/vtoroy.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353398/; classtype:trojan-activity;sid:84216498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353399)"; flow:established,from_client; content:"GET"; http_method; content:"/692-ez/ratta/refs/heads/main/msedge.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353399/; classtype:trojan-activity;sid:84216499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353400)"; flow:established,from_client; content:"GET"; http_method; content:"/stukit/svhoste/refs/heads/main/svhoste.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353400/; classtype:trojan-activity;sid:84216500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353395)"; flow:established,from_client; content:"GET"; http_method; content:"/692-ez/ratta/refs/heads/main/msedge..exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353395/; classtype:trojan-activity;sid:84216495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353396)"; flow:established,from_client; content:"GET"; http_method; content:"/yusuf216/sshport/refs/heads/main/evetbeta.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353396/; classtype:trojan-activity;sid:84216496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353393)"; flow:established,from_client; content:"GET"; http_method; content:"/quas_brout_ncrypt.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353393/; classtype:trojan-activity;sid:84216493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353383)"; flow:established,from_client; content:"GET"; http_method; content:"/luisphantom/vemom/refs/heads/main/client-built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353383/; classtype:trojan-activity;sid:84216483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353385)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/refs/heads/main/x.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353385/; classtype:trojan-activity;sid:84216485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353387)"; flow:established,from_client; content:"GET"; http_method; content:"/luisphantom/vemom/refs/heads/main/money.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353387/; classtype:trojan-activity;sid:84216487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353388)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/refs/heads/main/sgvp%20client%20system.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353388/; classtype:trojan-activity;sid:84216488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353389)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/refs/heads/main/fud2.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353389/; classtype:trojan-activity;sid:84216489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353381)"; flow:established,from_client; content:"GET"; http_method; content:"/therealastro666/lolz/refs/heads/main/client-built.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353381/; classtype:trojan-activity;sid:84216481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353382)"; flow:established,from_client; content:"GET"; http_method; content:"/blazedbottle/rat/refs/heads/main/client-built-playit.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353382/; classtype:trojan-activity;sid:84216482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353380)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/refs/heads/main/client-built.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353380/; classtype:trojan-activity;sid:84216480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353379)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/refs/heads/main/test.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353379/; classtype:trojan-activity;sid:84216479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353376)"; flow:established,from_client; content:"GET"; http_method; content:"/ozcanpng/backd00r/refs/heads/main/backd00rhome.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353376/; classtype:trojan-activity;sid:84216476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353372)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/refs/heads/main/shellcode.bin"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353372/; classtype:trojan-activity;sid:84216472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353374)"; flow:established,from_client; content:"GET"; http_method; content:"/aavaahanan121/tools/refs/heads/main/kali_tools.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353374/; classtype:trojan-activity;sid:84216474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353361)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/refs/heads/main/discord.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353361/; classtype:trojan-activity;sid:84216461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353362)"; flow:established,from_client; content:"GET"; http_method; content:"/earthsetup/firtshopacc/refs/heads/main/tcp.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353362/; classtype:trojan-activity;sid:84216462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353363)"; flow:established,from_client; content:"GET"; http_method; content:"/videoxfrx/crealstealer/refs/heads/main/creal.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353363/; classtype:trojan-activity;sid:84216463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353358)"; flow:established,from_client; content:"GET"; http_method; content:"/jzmvip/jzmfreetool/main/shell.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353358/; classtype:trojan-activity;sid:84216458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353359)"; flow:established,from_client; content:"GET"; http_method; content:"/jackedmicheal/ccenty/refs/heads/main/crspoofer.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353359/; classtype:trojan-activity;sid:84216459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353360)"; flow:established,from_client; content:"GET"; http_method; content:"/jzmvip/jzmfreetool/refs/heads/main/shell.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353360/; classtype:trojan-activity;sid:84216460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353354)"; flow:established,from_client; content:"GET"; http_method; content:"/aavaahanan121/tools/refs/heads/main/fern_wifi_recon%252.34.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353354/; classtype:trojan-activity;sid:84216454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353355)"; flow:established,from_client; content:"GET"; http_method; content:"/jzmvip/jzmfreetool/refs/heads/main/asyncclient.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353355/; classtype:trojan-activity;sid:84216455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353356)"; flow:established,from_client; content:"GET"; http_method; content:"/mhemon404/project01/refs/heads/main/system404.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353356/; classtype:trojan-activity;sid:84216456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353357)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/refs/heads/main/discordd.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353357/; classtype:trojan-activity;sid:84216457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353352)"; flow:established,from_client; content:"GET"; http_method; content:"/quas_autre_ncrypt.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353352/; classtype:trojan-activity;sid:84216452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353347)"; flow:established,from_client; content:"GET"; http_method; content:"/tiraundercode/rev/raw/main/client-built.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353347/; classtype:trojan-activity;sid:84216447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353348)"; flow:established,from_client; content:"GET"; http_method; content:"/deroxs/powerrat-leak/raw/refs/heads/main/powerrat.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353348/; classtype:trojan-activity;sid:84216448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353349)"; flow:established,from_client; content:"GET"; http_method; content:"/resources/js/info2r.txt/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"188.81.134.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353349/; classtype:trojan-activity;sid:84216449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353332)"; flow:established,from_client; content:"GET"; http_method; content:"/jzmvip/jzmfreetool/raw/main/shell.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353332/; classtype:trojan-activity;sid:84216432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353333)"; flow:established,from_client; content:"GET"; http_method; content:"/dlc_update.data"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"8.138.96.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353333/; classtype:trojan-activity;sid:84216433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353334)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/raw/main/discordd.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353334/; classtype:trojan-activity;sid:84216434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353335)"; flow:established,from_client; content:"GET"; http_method; content:"/orospuccocugu/aaaaaa/refs/heads/main/anne.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353335/; classtype:trojan-activity;sid:84216435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353330)"; flow:established,from_client; content:"GET"; http_method; content:"/ducminh23/ddosv1/refs/heads/main/ddosziller.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353330/; classtype:trojan-activity;sid:84216430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353331)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/main/discordd.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353331/; classtype:trojan-activity;sid:84216431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353320)"; flow:established,from_client; content:"GET"; http_method; content:"/babskai/vir-s/refs/heads/main/asyncclient.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353320/; classtype:trojan-activity;sid:84216420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353321)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/daww/refs/heads/main/loader.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353321/; classtype:trojan-activity;sid:84216421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353319)"; flow:established,from_client; content:"GET"; http_method; content:"/cfedss/exe/refs/heads/main/solara_protect.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353319/; classtype:trojan-activity;sid:84216419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353318)"; flow:established,from_client; content:"GET"; http_method; content:"/tacvip/file3.mentah"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353318/; classtype:trojan-activity;sid:84216418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353317)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/file3.mentah"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353317/; classtype:trojan-activity;sid:84216417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353316)"; flow:established,from_client; content:"GET"; http_method; content:"/senju/senju_simple_vp.rar"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353316/; classtype:trojan-activity;sid:84216416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353314)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/n5hl9mgl.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353314/; classtype:trojan-activity;sid:84216414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353315)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353315/; classtype:trojan-activity;sid:84216415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353312)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/jwnv23gb.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353312/; classtype:trojan-activity;sid:84216412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353313)"; flow:established,from_client; content:"GET"; http_method; content:"/azurerex/napewnonievoiderhook/refs/heads/main/sharpmonoinjector.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353313/; classtype:trojan-activity;sid:84216413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353310)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/simple3.mentah"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353310/; classtype:trojan-activity;sid:84216410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353309)"; flow:established,from_client; content:"GET"; http_method; content:"/egn/file3.mentah"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353309/; classtype:trojan-activity;sid:84216409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353307)"; flow:established,from_client; content:"GET"; http_method; content:"/xacker-volk/justmyrat/refs/heads/main/njrat%20dangerous.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353307/; classtype:trojan-activity;sid:84216407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353304)"; flow:established,from_client; content:"GET"; http_method; content:"/koala/injek3.mentah"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353304/; classtype:trojan-activity;sid:84216404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353306)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted_uclient.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353306/; classtype:trojan-activity;sid:84216406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353300)"; flow:established,from_client; content:"GET"; http_method; content:"/xcd/simple3.mentah"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353300/; classtype:trojan-activity;sid:84216400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353301)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/injeksimple3.mentah"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353301/; classtype:trojan-activity;sid:84216401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353303)"; flow:established,from_client; content:"GET"; http_method; content:"/xcd/file3.mentah"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353303/; classtype:trojan-activity;sid:84216403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353296)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/file3.mentah"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353296/; classtype:trojan-activity;sid:84216396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353297)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/vvipejy_hard_vp.rar"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353297/; classtype:trojan-activity;sid:84216397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353298)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/simple3.mentah"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353298/; classtype:trojan-activity;sid:84216398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353299)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/file3.mentah"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353299/; classtype:trojan-activity;sid:84216399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353294)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/injekkey.mentah"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353294/; classtype:trojan-activity;sid:84216394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353295)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/simple3.mentah"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353295/; classtype:trojan-activity;sid:84216395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353285)"; flow:established,from_client; content:"GET"; http_method; content:"/tacvip/injek3.mentah"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353285/; classtype:trojan-activity;sid:84216385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353286)"; flow:established,from_client; content:"GET"; http_method; content:"/egn/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353286/; classtype:trojan-activity;sid:84216386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353287)"; flow:established,from_client; content:"GET"; http_method; content:"/xcd/injeksimple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353287/; classtype:trojan-activity;sid:84216387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353288)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/injeksimple3.mentah"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353288/; classtype:trojan-activity;sid:84216388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353289)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/injek3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353289/; classtype:trojan-activity;sid:84216389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353290)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/injek3.mentah"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353290/; classtype:trojan-activity;sid:84216390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353291)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/vvipejy_simple_vp.rar"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353291/; classtype:trojan-activity;sid:84216391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353292)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/simple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353292/; classtype:trojan-activity;sid:84216392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353293)"; flow:established,from_client; content:"GET"; http_method; content:"/egn/simple3.mentah"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353293/; classtype:trojan-activity;sid:84216393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353284)"; flow:established,from_client; content:"GET"; http_method; content:"/egn/injeksimple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353284/; classtype:trojan-activity;sid:84216384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353280)"; flow:established,from_client; content:"GET"; http_method; content:"/xcd/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353280/; classtype:trojan-activity;sid:84216380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353281)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/injek3.mentah"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353281/; classtype:trojan-activity;sid:84216381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353282)"; flow:established,from_client; content:"GET"; http_method; content:"/e991/injeksimple3.mentah"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353282/; classtype:trojan-activity;sid:84216382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353283)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/injeksimple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353283/; classtype:trojan-activity;sid:84216383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353277)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/alex12344.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353277/; classtype:trojan-activity;sid:84216377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353278)"; flow:established,from_client; content:"GET"; http_method; content:"/xnn/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353278/; classtype:trojan-activity;sid:84216378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353275)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/injeksimple3.mentah"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353275/; classtype:trojan-activity;sid:84216375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353271)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/injeksimple3.mentah"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353271/; classtype:trojan-activity;sid:84216371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353264)"; flow:established,from_client; content:"GET"; http_method; content:"/zddtxxyxb.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353264/; classtype:trojan-activity;sid:84216364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353263)"; flow:established,from_client; content:"GET"; http_method; content:"/xc.zip"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353263/; classtype:trojan-activity;sid:84216363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353261)"; flow:established,from_client; content:"GET"; http_method; content:"/without_hook.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353261/; classtype:trojan-activity;sid:84216361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353260)"; flow:established,from_client; content:"GET"; http_method; content:"/tinynote.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353260/; classtype:trojan-activity;sid:84216360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353258)"; flow:established,from_client; content:"GET"; http_method; content:"/boot"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353258/; classtype:trojan-activity;sid:84216358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353259)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/ipc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353259/; classtype:trojan-activity;sid:84216359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353257)"; flow:established,from_client; content:"GET"; http_method; content:"/ez_kiwi.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353257/; classtype:trojan-activity;sid:84216357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353253)"; flow:established,from_client; content:"GET"; http_method; content:"/musl-dbgsym_1.2.2-1_amd64.ddeb"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353253/; classtype:trojan-activity;sid:84216353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353255)"; flow:established,from_client; content:"GET"; http_method; content:"/pig.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353255/; classtype:trojan-activity;sid:84216355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353256)"; flow:established,from_client; content:"GET"; http_method; content:"/husk.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353256/; classtype:trojan-activity;sid:84216356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353250/; classtype:trojan-activity;sid:84216350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353251)"; flow:established,from_client; content:"GET"; http_method; content:"/master.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353251/; classtype:trojan-activity;sid:84216351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_1.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353242/; classtype:trojan-activity;sid:84216342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimispool.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353243/; classtype:trojan-activity;sid:84216343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_2.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353244/; classtype:trojan-activity;sid:84216344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353245)"; flow:established,from_client; content:"GET"; http_method; content:"/gold.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hardcore-cartwright.194-26-192-76.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353245/; classtype:trojan-activity;sid:84216345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353246)"; flow:established,from_client; content:"GET"; http_method; content:"//google.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353246/; classtype:trojan-activity;sid:84216346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353247)"; flow:established,from_client; content:"GET"; http_method; content:"/ldr.ps1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"194.38.23.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353247/; classtype:trojan-activity;sid:84216347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353237)"; flow:established,from_client; content:"GET"; http_method; content:"/out-encryptedscript.ps1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353237/; classtype:trojan-activity;sid:84216337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe.upx.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353238/; classtype:trojan-activity;sid:84216338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimikatz.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353234/; classtype:trojan-activity;sid:84216334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilib.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353235/; classtype:trojan-activity;sid:84216335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353231)"; flow:established,from_client; content:"GET"; http_method; content:"/sup.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353231/; classtype:trojan-activity;sid:84216331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353227)"; flow:established,from_client; content:"GET"; http_method; content:"/ez_kiwi"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353227/; classtype:trojan-activity;sid:84216327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353214)"; flow:established,from_client; content:"GET"; http_method; content:"/sys.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353214/; classtype:trojan-activity;sid:84216314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353215)"; flow:established,from_client; content:"GET"; http_method; content:"/1010-duck-01.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353215/; classtype:trojan-activity;sid:84216315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353216)"; flow:established,from_client; content:"GET"; http_method; content:"//chromesetup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353216/; classtype:trojan-activity;sid:84216316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353212)"; flow:established,from_client; content:"GET"; http_method; content:"/oldxteam.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"hardcore-cartwright.194-26-192-76.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353212/; classtype:trojan-activity;sid:84216312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353206)"; flow:established,from_client; content:"GET"; http_method; content:"/e991/injek3.mentah"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353206/; classtype:trojan-activity;sid:84216306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353209)"; flow:established,from_client; content:"GET"; http_method; content:"/beetle/17.11.21/tools/run.hta"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"update.drp.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353209/; classtype:trojan-activity;sid:84216309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilove.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353189/; classtype:trojan-activity;sid:84216289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimidrv.sys"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353190/; classtype:trojan-activity;sid:84216290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353191)"; flow:established,from_client; content:"GET"; http_method; content:"/elf.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353191/; classtype:trojan-activity;sid:84216291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimispool.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353192/; classtype:trojan-activity;sid:84216292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353176)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%af%be%e4%bb%b6-%e7%ac%ac6%e8%af%be%e6%97%b6-910%e7%ab%a0%e8%8a%82.pptx"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353176/; classtype:trojan-activity;sid:84216276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353175)"; flow:established,from_client; content:"GET"; http_method; content:"/2022%e7%bd%91%e9%bc%8e%e6%9d%af%e5%8d%8a%e5%86%b3%e8%b5%9b.7z"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353175/; classtype:trojan-activity;sid:84216275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353174)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%89%af%e6%9c%ac21.3%e8%93%9d%e9%98%9f%e6%8a%a4%e7%bd%91%e9%9d%a2%e8%af%95%e8%b5%84%e6%96%99210303.xlsx"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353174/; classtype:trojan-activity;sid:84216274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353123)"; flow:established,from_client; content:"GET"; http_method; content:"/cqhack/ddos-script/refs/heads/master/cqhack.pl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353123/; classtype:trojan-activity;sid:84216223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352827)"; flow:established,from_client; content:"GET"; http_method; content:"/h3qq"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352827/; classtype:trojan-activity;sid:84215927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352828)"; flow:established,from_client; content:"GET"; http_method; content:"/c9ul"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352828/; classtype:trojan-activity;sid:84215928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352829)"; flow:established,from_client; content:"GET"; http_method; content:"/4kkr"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352829/; classtype:trojan-activity;sid:84215929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352830)"; flow:established,from_client; content:"GET"; http_method; content:"/f4nu"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352830/; classtype:trojan-activity;sid:84215930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352831)"; flow:established,from_client; content:"GET"; http_method; content:"/qpc9"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352831/; classtype:trojan-activity;sid:84215931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352821)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/2a.hta"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352821/; classtype:trojan-activity;sid:84215921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352816)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/obaqiquigeflou8dltcj.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352816/; classtype:trojan-activity;sid:84215916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352814)"; flow:established,from_client; content:"GET"; http_method; content:"/1210/yntfjbwnfbowg4ulufdq.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352814/; classtype:trojan-activity;sid:84215914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352778)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/zhuanyong.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352778/; classtype:trojan-activity;sid:84215878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352779)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/amaterasu.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352779/; classtype:trojan-activity;sid:84215879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352780)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/expl.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352780/; classtype:trojan-activity;sid:84215880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352731)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/bzhi5tgldjtr7zev5jqx.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352731/; classtype:trojan-activity;sid:84215831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352714)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/9tqj1l0acstoaaukxfdj.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352714/; classtype:trojan-activity;sid:84215814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352716)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/sqimesc8ajavco0ttspv.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352716/; classtype:trojan-activity;sid:84215816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352717)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/hvunmw5el0eaudzupdtp.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352717/; classtype:trojan-activity;sid:84215817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352718)"; flow:established,from_client; content:"GET"; http_method; content:"/1109/wrzmqxbssmwyb2qdkw9h.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352718/; classtype:trojan-activity;sid:84215818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352720)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/4ws9dqimj1paareckepe.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352720/; classtype:trojan-activity;sid:84215820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352726)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/57lebogcb3a7e6kqctiw.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352726/; classtype:trojan-activity;sid:84215826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352730)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/o7dsydtnwjwcvyipktkv.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352730/; classtype:trojan-activity;sid:84215830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352694)"; flow:established,from_client; content:"GET"; http_method; content:"/1211/htr8pg6rrt5fsvizke7d.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352694/; classtype:trojan-activity;sid:84215794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352695)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/amirjky9q13q7okiklzy.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352695/; classtype:trojan-activity;sid:84215795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352697)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/wrtavgsvyf2jrub1wqw7.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352697/; classtype:trojan-activity;sid:84215797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352699)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/znxmj4lbatbkopzrtsdq.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352699/; classtype:trojan-activity;sid:84215799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352700)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/jwjb16fd41abaaxwv2mb.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352700/; classtype:trojan-activity;sid:84215800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352705)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/9n4hxadf5dbhyxocs1di.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352705/; classtype:trojan-activity;sid:84215805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352706)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/y9znrw1wf8w9e0v0wmlh.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352706/; classtype:trojan-activity;sid:84215806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352707)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/wzcubt3gt3nerh5qpezz.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352707/; classtype:trojan-activity;sid:84215807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352708)"; flow:established,from_client; content:"GET"; http_method; content:"/2009/oylye4sfbdoxhbii3qyi.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352708/; classtype:trojan-activity;sid:84215808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352710)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/r90xvdmgx8mkvhvdzrfs.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352710/; classtype:trojan-activity;sid:84215810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352711)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/rru9jjrev9yrtqt6vj3c.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352711/; classtype:trojan-activity;sid:84215811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352586)"; flow:established,from_client; content:"GET"; http_method; content:"/comitheicon/volatus0.5/refs/heads/main/volatus0.5.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352586/; classtype:trojan-activity;sid:84215686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352462)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.37.34.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352462/; classtype:trojan-activity;sid:84215562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352459)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"165.154.244.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352459/; classtype:trojan-activity;sid:84215559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352456)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.126.21.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352456/; classtype:trojan-activity;sid:84215556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352447)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"110.41.2.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352447/; classtype:trojan-activity;sid:84215547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352442)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.94.63.197"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352442/; classtype:trojan-activity;sid:84215542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352420)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.93.243.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352420/; classtype:trojan-activity;sid:84215520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352356)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/raw/main/exclude.ps1"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352356/; classtype:trojan-activity;sid:84215456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352354)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/raw/main/m.ps1"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352354/; classtype:trojan-activity;sid:84215454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352351)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/refs/heads/main/m.ps1"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352351/; classtype:trojan-activity;sid:84215451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352313)"; flow:established,from_client; content:"GET"; http_method; content:"/rvn.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352313/; classtype:trojan-activity;sid:84215413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352303)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/f3dll.txt"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352303/; classtype:trojan-activity;sid:84215403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352304)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/x2.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352304/; classtype:trojan-activity;sid:84215404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352305)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/j1.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352305/; classtype:trojan-activity;sid:84215405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352306)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/a1.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352306/; classtype:trojan-activity;sid:84215406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352307)"; flow:established,from_client; content:"GET"; http_method; content:"/236236236"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352307/; classtype:trojan-activity;sid:84215407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352308)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/envs/dj1.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352308/; classtype:trojan-activity;sid:84215408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352310)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/k1r.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352310/; classtype:trojan-activity;sid:84215410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352311)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/k1.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352311/; classtype:trojan-activity;sid:84215411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352312)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/ark.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352312/; classtype:trojan-activity;sid:84215412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352290)"; flow:established,from_client; content:"GET"; http_method; content:"/754468"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352290/; classtype:trojan-activity;sid:84215390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352261)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic4.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sufikhat.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352261/; classtype:trojan-activity;sid:84215361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352266)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic3.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sufikhat.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352266/; classtype:trojan-activity;sid:84215366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352236)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0niums/sgjdghjlkahjodfjgipodhpadfhjpghj/raw/main/helper.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352236/; classtype:trojan-activity;sid:84215336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352232)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0niums/repo/raw/main/nvidia.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352232/; classtype:trojan-activity;sid:84215332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352233)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0niums/repo/raw/main/nvidias.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352233/; classtype:trojan-activity;sid:84215333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352230)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0niums/repo/refs/heads/main/zz.txt"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352230/; classtype:trojan-activity;sid:84215330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352231)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0niums/repo/refs/heads/main/z3.txt"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352231/; classtype:trojan-activity;sid:84215331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352229)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0niums/repo/refs/heads/main/z.txt"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352229/; classtype:trojan-activity;sid:84215329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352228)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0niums/repo/raw/refs/heads/main/nvidias.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352228/; classtype:trojan-activity;sid:84215328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352208)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0niums/repo/refs/heads/main/zzz.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352208/; classtype:trojan-activity;sid:84215308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352182)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/roblox.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352182/; classtype:trojan-activity;sid:84215282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352181)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/roblox.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352181/; classtype:trojan-activity;sid:84215281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352180)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/cred.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352180/; classtype:trojan-activity;sid:84215280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352178)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/sintv.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352178/; classtype:trojan-activity;sid:84215278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352179)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/sintv.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352179/; classtype:trojan-activity;sid:84215279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352176)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/jsawdtyjde.exe|3f|b"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352176/; classtype:trojan-activity;sid:84215276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352177)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/cred64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352177/; classtype:trojan-activity;sid:84215277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352174)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/goldlummaa.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352174/; classtype:trojan-activity;sid:84215274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352175)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/goldlummaa.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352175/; classtype:trojan-activity;sid:84215275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352168)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352168/; classtype:trojan-activity;sid:84215268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352166)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352166/; classtype:trojan-activity;sid:84215266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352165)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352165/; classtype:trojan-activity;sid:84215265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352157)"; flow:established,from_client; content:"GET"; http_method; content:"/hmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352157/; classtype:trojan-activity;sid:84215257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352158)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352158/; classtype:trojan-activity;sid:84215258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352159)"; flow:established,from_client; content:"GET"; http_method; content:"/darm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352159/; classtype:trojan-activity;sid:84215259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352144)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352144/; classtype:trojan-activity;sid:84215244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352145/; classtype:trojan-activity;sid:84215245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352147)"; flow:established,from_client; content:"GET"; http_method; content:"/tmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352147/; classtype:trojan-activity;sid:84215247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352148)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352148/; classtype:trojan-activity;sid:84215248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352149)"; flow:established,from_client; content:"GET"; http_method; content:"/tsh4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352149/; classtype:trojan-activity;sid:84215249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352150)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352150/; classtype:trojan-activity;sid:84215250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.208.201.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352081/; classtype:trojan-activity;sid:84215181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.208.201.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352065/; classtype:trojan-activity;sid:84215165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351965)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/raw/refs/heads/main/.5r3fqt67ew531has4231.mpsl"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351965/; classtype:trojan-activity;sid:84215065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351967)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/raw/refs/heads/main/.5r3fqt67ew531has4231.mips"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351967/; classtype:trojan-activity;sid:84215067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351962)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/ksdeuf/raw/refs/heads/main/armv7l"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351962/; classtype:trojan-activity;sid:84215062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351945)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/ksdeuf/raw/refs/heads/main/mipsel"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351945/; classtype:trojan-activity;sid:84215045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351946)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/raw/refs/heads/main/.5r3fqt67ew531has4231.m68k"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351946/; classtype:trojan-activity;sid:84215046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351947)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/raw/refs/heads/main/.5r3fqt67ew531has4231.x86"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351947/; classtype:trojan-activity;sid:84215047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351948)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/raw/refs/heads/main/.5r3fqt67ew531has4231.arm7"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351948/; classtype:trojan-activity;sid:84215048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351949)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/raw/refs/heads/main/.5r3fqt67ew531has4231.arm"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351949/; classtype:trojan-activity;sid:84215049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351950)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/ksdeuf/raw/refs/heads/main/mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351950/; classtype:trojan-activity;sid:84215050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351952)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/raw/refs/heads/main/.5r3fqt67ew531has4231.arm6"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351952/; classtype:trojan-activity;sid:84215052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351953)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/raw/refs/heads/main/.5r3fqt67ew531has4231.ppc"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351953/; classtype:trojan-activity;sid:84215053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351954)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/mipsel"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351954/; classtype:trojan-activity;sid:84215054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351956)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/sh4"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351956/; classtype:trojan-activity;sid:84215056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351957)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/ksdeuf/raw/refs/heads/main/x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351957/; classtype:trojan-activity;sid:84215057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351958)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/raw/refs/heads/main/.5r3fqt67ew531has4231.arm5"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351958/; classtype:trojan-activity;sid:84215058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351959)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/powerpc"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351959/; classtype:trojan-activity;sid:84215059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351960)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/raw/refs/heads/main/.5r3fqt67ew531has4231.sh4"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351960/; classtype:trojan-activity;sid:84215060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351936)"; flow:established,from_client; content:"GET"; http_method; content:"/avastavv.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avastpdr.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351936/; classtype:trojan-activity;sid:84215036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351932)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12jgde-soib4liipbdhs55vkz7ek8_ua6"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351932/; classtype:trojan-activity;sid:84215032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351928)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/armv5l"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351928/; classtype:trojan-activity;sid:84215028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351930)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/x86_32"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351930/; classtype:trojan-activity;sid:84215030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351925)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/i586"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351925/; classtype:trojan-activity;sid:84215025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351926)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/arm7"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351926/; classtype:trojan-activity;sid:84215026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351923)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/armv4l"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351923/; classtype:trojan-activity;sid:84215023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351918)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/m68k"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351918/; classtype:trojan-activity;sid:84215018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351921)"; flow:established,from_client; content:"GET"; http_method; content:"/earthsetup/firtshopacc/refs/heads/main/temp.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351921/; classtype:trojan-activity;sid:84215021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351912)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/mpsl"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351912/; classtype:trojan-activity;sid:84215012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351913)"; flow:established,from_client; content:"GET"; http_method; content:"/update//tpb-1.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"utorrent-backup-server3.top"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351913/; classtype:trojan-activity;sid:84215013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351914)"; flow:established,from_client; content:"GET"; http_method; content:"/update//tpb-1.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"utorrent-backup-server4.top"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351914/; classtype:trojan-activity;sid:84215014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351910)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/refs/heads/main/asyncclient.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351910/; classtype:trojan-activity;sid:84215010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351906)"; flow:established,from_client; content:"GET"; http_method; content:"/update//tpb-1.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"utorrent-backup-server.top"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351906/; classtype:trojan-activity;sid:84215006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351904)"; flow:established,from_client; content:"GET"; http_method; content:"/update//tpb-1.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"microsoft-auth-network.cc"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351904/; classtype:trojan-activity;sid:84215004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351905)"; flow:established,from_client; content:"GET"; http_method; content:"/update//tpb-1.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"security-service-api-link.cc"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351905/; classtype:trojan-activity;sid:84215005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351897)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/armv6l"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351897/; classtype:trojan-activity;sid:84214997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351899)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/mips"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351899/; classtype:trojan-activity;sid:84214999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351901)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/refs/heads/main/discord3.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351901/; classtype:trojan-activity;sid:84215001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351902)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/x86_64"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351902/; classtype:trojan-activity;sid:84215002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351896)"; flow:established,from_client; content:"GET"; http_method; content:"/update//tpb-1.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"win-network-checker.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351896/; classtype:trojan-activity;sid:84214996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351888)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/arm6"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351888/; classtype:trojan-activity;sid:84214988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351892)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/arm"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351892/; classtype:trojan-activity;sid:84214992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351893)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/arm5"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351893/; classtype:trojan-activity;sid:84214993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351883)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/m68k"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351883/; classtype:trojan-activity;sid:84214983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351886)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/armv7l"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351886/; classtype:trojan-activity;sid:84214986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351887)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/sh4"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351887/; classtype:trojan-activity;sid:84214987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351881)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/mips"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351881/; classtype:trojan-activity;sid:84214981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351870)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/raw/refs/heads/main/x.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351870/; classtype:trojan-activity;sid:84214970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351868)"; flow:established,from_client; content:"GET"; http_method; content:"/luisphantom/vemom/raw/refs/heads/main/mmo%201.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351868/; classtype:trojan-activity;sid:84214968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351869)"; flow:established,from_client; content:"GET"; http_method; content:"/earthsetup/firtshopacc/raw/refs/heads/main/runtime%20broker.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351869/; classtype:trojan-activity;sid:84214969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351863)"; flow:established,from_client; content:"GET"; http_method; content:"/luisphantom/vemom/raw/refs/heads/main/svhost.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351863/; classtype:trojan-activity;sid:84214963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351862)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/raw/refs/heads/main/client-built.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351862/; classtype:trojan-activity;sid:84214962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351858)"; flow:established,from_client; content:"GET"; http_method; content:"/earthsetup/firtshopacc/raw/refs/heads/main/registry.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351858/; classtype:trojan-activity;sid:84214958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351859)"; flow:established,from_client; content:"GET"; http_method; content:"/felikzig/wdt/raw/refs/heads/main/collosalloader.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351859/; classtype:trojan-activity;sid:84214959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351841)"; flow:established,from_client; content:"GET"; http_method; content:"/z.png"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.11.61.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351841/; classtype:trojan-activity;sid:84214941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351842)"; flow:established,from_client; content:"GET"; http_method; content:"/a.png"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.11.61.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351842/; classtype:trojan-activity;sid:84214942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351834)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/raw/refs/heads/main/fud2.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351834/; classtype:trojan-activity;sid:84214934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351832)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/raw/refs/heads/main/sgvp%20client%20system.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351832/; classtype:trojan-activity;sid:84214932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351827)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/raw/refs/heads/main/kys.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351827/; classtype:trojan-activity;sid:84214927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351828)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/raw/refs/heads/main/test.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351828/; classtype:trojan-activity;sid:84214928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351829)"; flow:established,from_client; content:"GET"; http_method; content:"/jn.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"misljen.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351829/; classtype:trojan-activity;sid:84214929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351830)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/refs/heads/main/client-built.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351830/; classtype:trojan-activity;sid:84214930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351831)"; flow:established,from_client; content:"GET"; http_method; content:"/therealastro666/lolz/raw/refs/heads/main/client-built.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351831/; classtype:trojan-activity;sid:84214931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351817)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/raw/refs/heads/main/discord.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351817/; classtype:trojan-activity;sid:84214917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351818)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/discord/raw/refs/heads/main/client-built.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351818/; classtype:trojan-activity;sid:84214918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351819)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/raw/refs/heads/main/sgvp%20client%20users.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351819/; classtype:trojan-activity;sid:84214919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351820)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/raw/refs/heads/main/client-built.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351820/; classtype:trojan-activity;sid:84214920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351821)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/raw/refs/heads/main/sgvp%20client%20program.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351821/; classtype:trojan-activity;sid:84214921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351822)"; flow:established,from_client; content:"GET"; http_method; content:"/luisphantom/vemom/raw/refs/heads/main/money.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351822/; classtype:trojan-activity;sid:84214922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351823)"; flow:established,from_client; content:"GET"; http_method; content:"/azurerex/napewnonievoiderhook/raw/refs/heads/main/sharpmonoinjector.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351823/; classtype:trojan-activity;sid:84214923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351825)"; flow:established,from_client; content:"GET"; http_method; content:"/luisphantom/vemom/raw/refs/heads/main/client-built.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351825/; classtype:trojan-activity;sid:84214925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351826)"; flow:established,from_client; content:"GET"; http_method; content:"/blazedbottle/rat/raw/refs/heads/main/client-built-playit.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351826/; classtype:trojan-activity;sid:84214926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351816)"; flow:established,from_client; content:"GET"; http_method; content:"/faokun1/aaa/raw/refs/heads/main/client-built.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351816/; classtype:trojan-activity;sid:84214916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351812)"; flow:established,from_client; content:"GET"; http_method; content:"/azurerex/napewnonievoiderhook/raw/refs/heads/main/seksiak.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351812/; classtype:trojan-activity;sid:84214912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351813)"; flow:established,from_client; content:"GET"; http_method; content:"/tpinauskas/anticheat/raw/refs/heads/main/amogus.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351813/; classtype:trojan-activity;sid:84214913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351815)"; flow:established,from_client; content:"GET"; http_method; content:"/stukit/svhoste/raw/refs/heads/main/svhoste.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351815/; classtype:trojan-activity;sid:84214915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351811)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/raw/refs/heads/main/injector.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351811/; classtype:trojan-activity;sid:84214911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351810)"; flow:established,from_client; content:"GET"; http_method; content:"/videoxfrx/crealstealer/raw/refs/heads/main/creal.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351810/; classtype:trojan-activity;sid:84214910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351809)"; flow:established,from_client; content:"GET"; http_method; content:"/therealastro666/lolz/raw/refs/heads/main/built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351809/; classtype:trojan-activity;sid:84214909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351808)"; flow:established,from_client; content:"GET"; http_method; content:"/blazedbottle/rat/raw/refs/heads/main/client-built.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351808/; classtype:trojan-activity;sid:84214908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351803)"; flow:established,from_client; content:"GET"; http_method; content:"/m4hvh2/dwadwa/raw/refs/heads/main/client-built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351803/; classtype:trojan-activity;sid:84214903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"172.73.72.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351720/; classtype:trojan-activity;sid:84214820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351584)"; flow:established,from_client; content:"GET"; http_method; content:"/darm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351584/; classtype:trojan-activity;sid:84214684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351488)"; flow:established,from_client; content:"GET"; http_method; content:"/azurerex/napewnonievoiderhook/raw/refs/heads/main/uni.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351488/; classtype:trojan-activity;sid:84214588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351482)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/lmao.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351482/; classtype:trojan-activity;sid:84214582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351484)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351484/; classtype:trojan-activity;sid:84214584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351486)"; flow:established,from_client; content:"GET"; http_method; content:"/unix-cmd/dev/raw/refs/heads/main/installer.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351486/; classtype:trojan-activity;sid:84214586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351478)"; flow:established,from_client; content:"GET"; http_method; content:"/ijeuwaesika/nna/raw/refs/heads/main/ifiinms.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351478/; classtype:trojan-activity;sid:84214578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351479)"; flow:established,from_client; content:"GET"; http_method; content:"/aspdasdksa2/callback/raw/refs/heads/main/client-built.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351479/; classtype:trojan-activity;sid:84214579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351480)"; flow:established,from_client; content:"GET"; http_method; content:"/orospuccocugu/aaaaaa/raw/refs/heads/main/enai2.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351480/; classtype:trojan-activity;sid:84214580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351476)"; flow:established,from_client; content:"GET"; http_method; content:"/sleepysnz/skibidi/raw/refs/heads/main/client-built.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351476/; classtype:trojan-activity;sid:84214576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351477)"; flow:established,from_client; content:"GET"; http_method; content:"/fsabxh/sfdawsdawdaw/raw/refs/heads/main/serials_checker.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351477/; classtype:trojan-activity;sid:84214577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351472)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/raw/refs/heads/main/cnct.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351472/; classtype:trojan-activity;sid:84214572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351473)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/rcf_omfnorh.txt"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351473/; classtype:trojan-activity;sid:84214573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351474)"; flow:established,from_client; content:"GET"; http_method; content:"/imaeewy/about-me/raw/refs/heads/main/installer.exe.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351474/; classtype:trojan-activity;sid:84214574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351468)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/jignesh.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351468/; classtype:trojan-activity;sid:84214568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351469)"; flow:established,from_client; content:"GET"; http_method; content:"/xcocgt/priv1/raw/refs/heads/main/microsoft_hardware_launch.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351469/; classtype:trojan-activity;sid:84214569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351470)"; flow:established,from_client; content:"GET"; http_method; content:"/sesafvr/ayo/raw/refs/heads/main/client-built.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351470/; classtype:trojan-activity;sid:84214570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351471)"; flow:established,from_client; content:"GET"; http_method; content:"/tezx11/imgui/raw/refs/heads/main/example_win32_dx11.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351471/; classtype:trojan-activity;sid:84214571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351464)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/domcfbs.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351464/; classtype:trojan-activity;sid:84214564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351465)"; flow:established,from_client; content:"GET"; http_method; content:"/jackedmicheal/ccenty/raw/refs/heads/main/crspoof.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351465/; classtype:trojan-activity;sid:84214565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351466)"; flow:established,from_client; content:"GET"; http_method; content:"/skibidisigmer/fncleanerv2/raw/refs/heads/main/cleanerv2.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351466/; classtype:trojan-activity;sid:84214566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351462)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/raw/refs/heads/main/server1.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351462/; classtype:trojan-activity;sid:84214562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351460)"; flow:established,from_client; content:"GET"; http_method; content:"/paketpk/trojan/raw/refs/heads/main/njsilent.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351460/; classtype:trojan-activity;sid:84214560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351459)"; flow:established,from_client; content:"GET"; http_method; content:"/nakuss/dwdwadwa/raw/refs/heads/main/client-built.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351459/; classtype:trojan-activity;sid:84214559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351458)"; flow:established,from_client; content:"GET"; http_method; content:"/eliasgay23/123/raw/refs/heads/main/svhost.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351458/; classtype:trojan-activity;sid:84214558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351454)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/apfjrdf.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351454/; classtype:trojan-activity;sid:84214554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351455)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/runtimebroker%20(2).exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351455/; classtype:trojan-activity;sid:84214555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351451)"; flow:established,from_client; content:"GET"; http_method; content:"/imaeewy/about-me/raw/refs/heads/main/client-built.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351451/; classtype:trojan-activity;sid:84214551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351448)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/xxdici"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351448/; classtype:trojan-activity;sid:84214548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351450)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/negarque.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351450/; classtype:trojan-activity;sid:84214550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351445)"; flow:established,from_client; content:"GET"; http_method; content:"/bormasina/test/raw/refs/heads/main/defender64.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351445/; classtype:trojan-activity;sid:84214545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351447)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/1434orz.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351447/; classtype:trojan-activity;sid:84214547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351444)"; flow:established,from_client; content:"GET"; http_method; content:"/fhebngndsg/thefunny/raw/refs/heads/main/client-built.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351444/; classtype:trojan-activity;sid:84214544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351441)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedk97/xwqd21waddqwdv/raw/refs/heads/main/server.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351441/; classtype:trojan-activity;sid:84214541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351435)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/dic1"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351435/; classtype:trojan-activity;sid:84214535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351436)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/rcm_dcdedkd.txt"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351436/; classtype:trojan-activity;sid:84214536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351437)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/bkpmdom.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351437/; classtype:trojan-activity;sid:84214537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351438)"; flow:established,from_client; content:"GET"; http_method; content:"/xcocgt/priv1/raw/refs/heads/main/testme.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351438/; classtype:trojan-activity;sid:84214538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351439)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/iksjbpj.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351439/; classtype:trojan-activity;sid:84214539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351440)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/executablelol.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351440/; classtype:trojan-activity;sid:84214540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351432)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/skibidi.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351432/; classtype:trojan-activity;sid:84214532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351433)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/nov13"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351433/; classtype:trojan-activity;sid:84214533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351430)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/raw/refs/heads/main/critscript.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351430/; classtype:trojan-activity;sid:84214530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351429)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/asy_dffaaep.txt"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351429/; classtype:trojan-activity;sid:84214529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351428)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/raw/refs/heads/main/444.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351428/; classtype:trojan-activity;sid:84214528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351425)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/raw/refs/heads/main/joiner.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351425/; classtype:trojan-activity;sid:84214525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351422)"; flow:established,from_client; content:"GET"; http_method; content:"/yusuf216/sshport/raw/refs/heads/main/evetbeta.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351422/; classtype:trojan-activity;sid:84214522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351424)"; flow:established,from_client; content:"GET"; http_method; content:"/krevedko3221/porno/raw/refs/heads/main/mos%20ssssttttt.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351424/; classtype:trojan-activity;sid:84214524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351418)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/raw/refs/heads/main/newest.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351418/; classtype:trojan-activity;sid:84214518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351419)"; flow:established,from_client; content:"GET"; http_method; content:"/yusuf216/sshport/raw/refs/heads/main/benpolatalemdar.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351419/; classtype:trojan-activity;sid:84214519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351417)"; flow:established,from_client; content:"GET"; http_method; content:"/monkey958/sdasd/raw/refs/heads/main/856.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351417/; classtype:trojan-activity;sid:84214517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351416)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/raw/refs/heads/main/startup.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351416/; classtype:trojan-activity;sid:84214516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351414)"; flow:established,from_client; content:"GET"; http_method; content:"/nxrecxxil/syndicate/raw/refs/heads/main/main.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351414/; classtype:trojan-activity;sid:84214514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351411)"; flow:established,from_client; content:"GET"; http_method; content:"/nakuss/erth/raw/refs/heads/main/wenzcord.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351411/; classtype:trojan-activity;sid:84214511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351413)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/xdci"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351413/; classtype:trojan-activity;sid:84214513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351406)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/client-built.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351406/; classtype:trojan-activity;sid:84214506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351407)"; flow:established,from_client; content:"GET"; http_method; content:"/biseo0/neue/raw/refs/heads/main/client-built.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351407/; classtype:trojan-activity;sid:84214507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351408)"; flow:established,from_client; content:"GET"; http_method; content:"/tezx11/imgui/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351408/; classtype:trojan-activity;sid:84214508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351409)"; flow:established,from_client; content:"GET"; http_method; content:"/cctv-security/rev/raw/refs/heads/main/client-built.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351409/; classtype:trojan-activity;sid:84214509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351410)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/vanilla.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351410/; classtype:trojan-activity;sid:84214510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351399)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/pasrem13.txt"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351399/; classtype:trojan-activity;sid:84214499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351400)"; flow:established,from_client; content:"GET"; http_method; content:"/imaeewy/about-me/raw/refs/heads/main/discord.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351400/; classtype:trojan-activity;sid:84214500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351401)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/araofkh.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351401/; classtype:trojan-activity;sid:84214501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351402)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/raw/refs/heads/main/sentil.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351402/; classtype:trojan-activity;sid:84214502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351405)"; flow:established,from_client; content:"GET"; http_method; content:"/zls2024/not-download/raw/refs/heads/main/discord.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351405/; classtype:trojan-activity;sid:84214505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351397)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/oahinkn.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351397/; classtype:trojan-activity;sid:84214497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351396)"; flow:established,from_client; content:"GET"; http_method; content:"/mariolalo/myrec/raw/refs/heads/main/notallowedtocrypt.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351396/; classtype:trojan-activity;sid:84214496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351392)"; flow:established,from_client; content:"GET"; http_method; content:"/xerussploit/spectrum/raw/refs/heads/main/spectrum.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351392/; classtype:trojan-activity;sid:84214492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351389)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/krkmakc.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351389/; classtype:trojan-activity;sid:84214489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351390)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/xeno"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351390/; classtype:trojan-activity;sid:84214490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351391)"; flow:established,from_client; content:"GET"; http_method; content:"/unix-cmd/dev/raw/refs/heads/main/webhook.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351391/; classtype:trojan-activity;sid:84214491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351386)"; flow:established,from_client; content:"GET"; http_method; content:"/toxicxz/fnaf-1/raw/refs/heads/main/fusca%20game.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351386/; classtype:trojan-activity;sid:84214486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351387)"; flow:established,from_client; content:"GET"; http_method; content:"/itschangat/test/raw/refs/heads/main/system.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351387/; classtype:trojan-activity;sid:84214487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351383)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/raw/refs/heads/main/njrat.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351383/; classtype:trojan-activity;sid:84214483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351384)"; flow:established,from_client; content:"GET"; http_method; content:"/cavxsy/crazy.spoofer/raw/refs/heads/main/loader.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351384/; classtype:trojan-activity;sid:84214484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351376)"; flow:established,from_client; content:"GET"; http_method; content:"/raz233/rgdgdrg/raw/refs/heads/main/client.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351376/; classtype:trojan-activity;sid:84214476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351377)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/raw/refs/heads/main/fast%20download.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351377/; classtype:trojan-activity;sid:84214477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351379)"; flow:established,from_client; content:"GET"; http_method; content:"/trafunny/malware-file/raw/refs/heads/main/njrat.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351379/; classtype:trojan-activity;sid:84214479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351380)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/raw/refs/heads/main/lastest.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351380/; classtype:trojan-activity;sid:84214480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351381)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/raw/refs/heads/main/bloxflip%20predictor.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351381/; classtype:trojan-activity;sid:84214481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351382)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/xwmm_aakkhbm.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351382/; classtype:trojan-activity;sid:84214482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351375)"; flow:established,from_client; content:"GET"; http_method; content:"/impar0/tryyy/raw/refs/heads/main/client.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351375/; classtype:trojan-activity;sid:84214475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351369)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/fffaemf.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351369/; classtype:trojan-activity;sid:84214469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351363)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/bao.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351363/; classtype:trojan-activity;sid:84214463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351364)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/shellcode.bin"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351364/; classtype:trojan-activity;sid:84214464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351365)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/raw/refs/heads/main/discord2.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351365/; classtype:trojan-activity;sid:84214465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351366)"; flow:established,from_client; content:"GET"; http_method; content:"/babskai/vir-s/raw/refs/heads/main/aaa%20(3).exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351366/; classtype:trojan-activity;sid:84214466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351367)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/raw/refs/heads/main/loader.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351367/; classtype:trojan-activity;sid:84214467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351368)"; flow:established,from_client; content:"GET"; http_method; content:"/litrik002/venomrat-v6.0.3-source-/raw/refs/heads/main/server.properties.resources.resources"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351368/; classtype:trojan-activity;sid:84214468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351361)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/xclien.txt"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351361/; classtype:trojan-activity;sid:84214461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351362)"; flow:established,from_client; content:"GET"; http_method; content:"/lohoainam/-at/raw/refs/heads/main/xclient.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351362/; classtype:trojan-activity;sid:84214462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351358)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/raw/refs/heads/main/asyncclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351358/; classtype:trojan-activity;sid:84214458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351359)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/shellcodeany.bin"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351359/; classtype:trojan-activity;sid:84214459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351355)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/igapsme.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351355/; classtype:trojan-activity;sid:84214455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351352)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/cool.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351352/; classtype:trojan-activity;sid:84214452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351353)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/101.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351353/; classtype:trojan-activity;sid:84214453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351350)"; flow:established,from_client; content:"GET"; http_method; content:"/xacker-volk/justmyrat/raw/refs/heads/main/njrat%20dangerous.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351350/; classtype:trojan-activity;sid:84214450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351345)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/mor.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351345/; classtype:trojan-activity;sid:84214445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351346)"; flow:established,from_client; content:"GET"; http_method; content:"/stezxyz/svchost.exe/raw/refs/heads/main/xclient.bin"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351346/; classtype:trojan-activity;sid:84214446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351347)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/15m.bin"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351347/; classtype:trojan-activity;sid:84214447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351349)"; flow:established,from_client; content:"GET"; http_method; content:"/692-ez/ratta/raw/refs/heads/main/msedge..exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351349/; classtype:trojan-activity;sid:84214449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351341)"; flow:established,from_client; content:"GET"; http_method; content:"/zefordk/ikeya/raw/refs/heads/main/shellcode64.bin"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351341/; classtype:trojan-activity;sid:84214441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351342)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/daww/raw/refs/heads/main/loader.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351342/; classtype:trojan-activity;sid:84214442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351343)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/raw/refs/heads/main/discordd.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351343/; classtype:trojan-activity;sid:84214443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351344)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/play.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351344/; classtype:trojan-activity;sid:84214444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351340)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/11.bin"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351340/; classtype:trojan-activity;sid:84214440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351337)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/raw/refs/heads/main/discord.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351337/; classtype:trojan-activity;sid:84214437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351335)"; flow:established,from_client; content:"GET"; http_method; content:"/trafunny/malware-file/raw/refs/heads/main/crack.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351335/; classtype:trojan-activity;sid:84214435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351336)"; flow:established,from_client; content:"GET"; http_method; content:"/aavaahanan121/tools/raw/refs/heads/main/kali_tools.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351336/; classtype:trojan-activity;sid:84214436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351334)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/diciembre"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351334/; classtype:trojan-activity;sid:84214434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351332)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/doom.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351332/; classtype:trojan-activity;sid:84214432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351333)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/2.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351333/; classtype:trojan-activity;sid:84214433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351326)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/gpieisb.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351326/; classtype:trojan-activity;sid:84214426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351328)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/king.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351328/; classtype:trojan-activity;sid:84214428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351329)"; flow:established,from_client; content:"GET"; http_method; content:"/stezxyz/svchost.exe/raw/refs/heads/main/shellcodeany.bin"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351329/; classtype:trojan-activity;sid:84214429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351330)"; flow:established,from_client; content:"GET"; http_method; content:"/kees5462/this-is-a-roblox-external-cheat-best-one-out-there/raw/refs/heads/main/java.exe"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351330/; classtype:trojan-activity;sid:84214430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351323)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/raw/refs/heads/main/system-loader.bin"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351323/; classtype:trojan-activity;sid:84214423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351324)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/1.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351324/; classtype:trojan-activity;sid:84214424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351325)"; flow:established,from_client; content:"GET"; http_method; content:"/mis/datepicker/!help_sos.hta"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"202.29.95.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351325/; classtype:trojan-activity;sid:84214425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351322)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/raw/refs/heads/main/test-loader.bin"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351322/; classtype:trojan-activity;sid:84214422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351321)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/key.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351321/; classtype:trojan-activity;sid:84214421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351320)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/raw/refs/heads/main/prueba.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351320/; classtype:trojan-activity;sid:84214420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351318)"; flow:established,from_client; content:"GET"; http_method; content:"/ozcanpng/backd00r/raw/refs/heads/main/backd00rhome.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351318/; classtype:trojan-activity;sid:84214418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351319)"; flow:established,from_client; content:"GET"; http_method; content:"/rimase12/urika/raw/refs/heads/main/perviy.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351319/; classtype:trojan-activity;sid:84214419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351316)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/3.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351316/; classtype:trojan-activity;sid:84214416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351310)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/thong.bin"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351310/; classtype:trojan-activity;sid:84214410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351311)"; flow:established,from_client; content:"GET"; http_method; content:"/692-ez/ratta/raw/refs/heads/main/msedge.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351311/; classtype:trojan-activity;sid:84214411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351312)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/sil.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351312/; classtype:trojan-activity;sid:84214412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351313)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/raw/refs/heads/main/uesr-loader.bin"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351313/; classtype:trojan-activity;sid:84214413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351304)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/jaadkfh.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351304/; classtype:trojan-activity;sid:84214404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351308)"; flow:established,from_client; content:"GET"; http_method; content:"/rimase12/urika/raw/refs/heads/main/vtoroy.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351308/; classtype:trojan-activity;sid:84214408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351309)"; flow:established,from_client; content:"GET"; http_method; content:"/earthsetup/firtshopacc/raw/refs/heads/main/tcp.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351309/; classtype:trojan-activity;sid:84214409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351300)"; flow:established,from_client; content:"GET"; http_method; content:"/orospuccocugu/aaaaaa/raw/refs/heads/main/anne.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351300/; classtype:trojan-activity;sid:84214400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351301)"; flow:established,from_client; content:"GET"; http_method; content:"/h4ck3dv0d4/terminal-test/raw/refs/heads/main/terminal_9235.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351301/; classtype:trojan-activity;sid:84214401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351299)"; flow:established,from_client; content:"GET"; http_method; content:"/earthsetup/firtshopacc/raw/refs/heads/main/temp.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351299/; classtype:trojan-activity;sid:84214399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351297)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-reverse-shell/raw/refs/heads/main/shellcode.bin"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351297/; classtype:trojan-activity;sid:84214397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351294)"; flow:established,from_client; content:"GET"; http_method; content:"/krishnatherock9673/krishna22/raw/refs/heads/main/krishna33.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351294/; classtype:trojan-activity;sid:84214394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351295)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/raw/refs/heads/main/program-loader.bin"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351295/; classtype:trojan-activity;sid:84214395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351292)"; flow:established,from_client; content:"GET"; http_method; content:"/692-ez/ratta/raw/refs/heads/main/com%20surrogate.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351292/; classtype:trojan-activity;sid:84214392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351290)"; flow:established,from_client; content:"GET"; http_method; content:"/jackedmicheal/ccenty/raw/refs/heads/main/crspoofer.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351290/; classtype:trojan-activity;sid:84214390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351287)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/rmspas.txt"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351287/; classtype:trojan-activity;sid:84214387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351285)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/rooahio.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351285/; classtype:trojan-activity;sid:84214385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351280)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/mera.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351280/; classtype:trojan-activity;sid:84214380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351281)"; flow:established,from_client; content:"GET"; http_method; content:"/thanhtung19944/ok-/raw/refs/heads/main/thunn.bin"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351281/; classtype:trojan-activity;sid:84214381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351277)"; flow:established,from_client; content:"GET"; http_method; content:"/thanhtung19944/ok-/raw/refs/heads/main/oneving.bin"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351277/; classtype:trojan-activity;sid:84214377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351278)"; flow:established,from_client; content:"GET"; http_method; content:"/thanhtung19944/ok-/raw/refs/heads/main/need.bin"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351278/; classtype:trojan-activity;sid:84214378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351279)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/raw/refs/heads/main/discord3.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351279/; classtype:trojan-activity;sid:84214379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351269)"; flow:established,from_client; content:"GET"; http_method; content:"/rimase12/urika/raw/refs/heads/main/tretiy.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351269/; classtype:trojan-activity;sid:84214369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351270)"; flow:established,from_client; content:"GET"; http_method; content:"/cfedss/exe/raw/refs/heads/main/solara_protect.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351270/; classtype:trojan-activity;sid:84214370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351271)"; flow:established,from_client; content:"GET"; http_method; content:"/aavaahanan121/tools/raw/refs/heads/main/fern_wifi_recon%252.34.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351271/; classtype:trojan-activity;sid:84214371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351272)"; flow:established,from_client; content:"GET"; http_method; content:"/ducminh23/ddosv1/raw/refs/heads/main/ddosziller.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351272/; classtype:trojan-activity;sid:84214372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351273)"; flow:established,from_client; content:"GET"; http_method; content:"/jzmvip/jzmfreetool/raw/refs/heads/main/shell.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351273/; classtype:trojan-activity;sid:84214373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351274)"; flow:established,from_client; content:"GET"; http_method; content:"/jzmvip/jzmfreetool/raw/refs/heads/main/asyncclient.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351274/; classtype:trojan-activity;sid:84214374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351275)"; flow:established,from_client; content:"GET"; http_method; content:"/iamgelogger233/imagelogger/raw/refs/heads/main/imagelogger.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351275/; classtype:trojan-activity;sid:84214375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351266)"; flow:established,from_client; content:"GET"; http_method; content:"/mhemon404/project01/raw/refs/heads/main/system404.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351266/; classtype:trojan-activity;sid:84214366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351259)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/raw/refs/heads/main/shellcode.bin"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351259/; classtype:trojan-activity;sid:84214359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351256)"; flow:established,from_client; content:"GET"; http_method; content:"/mis/calendar/_notes/!help_sos.hta"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"202.29.95.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351256/; classtype:trojan-activity;sid:84214356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351249)"; flow:established,from_client; content:"GET"; http_method; content:"/kees5462/this-is-a-roblox-external-cheat-best-one-out-there/raw/refs/heads/main/java32.exe"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351249/; classtype:trojan-activity;sid:84214349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351247)"; flow:established,from_client; content:"GET"; http_method; content:"/endity123/fivem-spoofer/raw/refs/heads/main/reaper%20cfx%20spoofer%20v2.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351247/; classtype:trojan-activity;sid:84214347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351246)"; flow:established,from_client; content:"GET"; http_method; content:"/babskai/vir-s/raw/refs/heads/main/asyncclient.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351246/; classtype:trojan-activity;sid:84214346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350735)"; flow:established,from_client; content:"GET"; http_method; content:"/hmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350735/; classtype:trojan-activity;sid:84213835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350577)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"111.185.226.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350577/; classtype:trojan-activity;sid:84213677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.59.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349512/; classtype:trojan-activity;sid:84212612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.205.55.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348857/; classtype:trojan-activity;sid:84211957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348217)"; flow:established,from_client; content:"GET"; http_method; content:"/attatier/cloud/main/testexe.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348217/; classtype:trojan-activity;sid:84211317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348193)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.129.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348193/; classtype:trojan-activity;sid:84211293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347923)"; flow:established,from_client; content:"GET"; http_method; content:"/buihuyduc123/duccbotnet/main/system32.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347923/; classtype:trojan-activity;sid:84211023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347919)"; flow:established,from_client; content:"GET"; http_method; content:"/bublegumle/system32.exe/raw/refs/heads/master/system32.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347919/; classtype:trojan-activity;sid:84211019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347918)"; flow:established,from_client; content:"GET"; http_method; content:"/booombiimbamm/mods/main/system32.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347918/; classtype:trojan-activity;sid:84211018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347708)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.156.64.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347708/; classtype:trojan-activity;sid:84210808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347683)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.40.253.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347683/; classtype:trojan-activity;sid:84210783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347691)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.23.208.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347691/; classtype:trojan-activity;sid:84210791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347438)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp.elf"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347438/; classtype:trojan-activity;sid:84210538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347432)"; flow:established,from_client; content:"GET"; http_method; content:"/temp.elf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347432/; classtype:trojan-activity;sid:84210532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347430)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"101.37.34.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347430/; classtype:trojan-activity;sid:84210530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp5.elf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347422/; classtype:trojan-activity;sid:84210522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347423)"; flow:established,from_client; content:"GET"; http_method; content:"/reverse.elf"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347423/; classtype:trojan-activity;sid:84210523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp1.elf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347424/; classtype:trojan-activity;sid:84210524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347425)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp4.elf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347425/; classtype:trojan-activity;sid:84210525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347426/; classtype:trojan-activity;sid:84210526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347429)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"101.37.34.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347429/; classtype:trojan-activity;sid:84210529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347368)"; flow:established,from_client; content:"GET"; http_method; content:"/homboz/ucm1/releases/download/iu1/shost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347368/; classtype:trojan-activity;sid:84210468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347369)"; flow:established,from_client; content:"GET"; http_method; content:"/homboz/chmu1/releases/download/mu0/qhos.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347369/; classtype:trojan-activity;sid:84210469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347366)"; flow:established,from_client; content:"GET"; http_method; content:"/homboz/ph1/releases/download/po1/phost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347366/; classtype:trojan-activity;sid:84210466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347363)"; flow:established,from_client; content:"GET"; http_method; content:"/homboz/fin1g/releases/download/fi/in.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347363/; classtype:trojan-activity;sid:84210463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347317)"; flow:established,from_client; content:"GET"; http_method; content:"/download/neofreesetup.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"download.emailorganizer.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347317/; classtype:trojan-activity;sid:84210417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347312)"; flow:established,from_client; content:"GET"; http_method; content:"/luisphantom/vemom/refs/heads/main/viptoolmeta.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347312/; classtype:trojan-activity;sid:84210412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347309)"; flow:established,from_client; content:"GET"; http_method; content:"/download/trackyoursentolsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"download.emailorganizer.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347309/; classtype:trojan-activity;sid:84210409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347308)"; flow:established,from_client; content:"GET"; http_method; content:"/component/vc2005sp1redist_x86.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"windriversfiles.imeitools.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347308/; classtype:trojan-activity;sid:84210408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347307)"; flow:established,from_client; content:"GET"; http_method; content:"/luisphantom/vemom/raw/refs/heads/main/viptoolmeta.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347307/; classtype:trojan-activity;sid:84210407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347303)"; flow:established,from_client; content:"GET"; http_method; content:"/itschangat/test/blob/main/server.exe|3f|raw=true/"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347303/; classtype:trojan-activity;sid:84210403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346530)"; flow:established,from_client; content:"GET"; http_method; content:"/whoafg/problemonfmech/refs/heads/main/client.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346530/; classtype:trojan-activity;sid:84209630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346526)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/l4.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346526/; classtype:trojan-activity;sid:84209626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346508)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dynpvoy.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346508/; classtype:trojan-activity;sid:84209608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346511)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/networkmanager.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346511/; classtype:trojan-activity;sid:84209611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346515)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/l4.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346515/; classtype:trojan-activity;sid:84209615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346497)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dynpvoy.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346497/; classtype:trojan-activity;sid:84209597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346491)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rmx.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346491/; classtype:trojan-activity;sid:84209591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346489)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/chrome11.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346489/; classtype:trojan-activity;sid:84209589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346487)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/chrome11.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346487/; classtype:trojan-activity;sid:84209587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346475)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/networkmanager.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346475/; classtype:trojan-activity;sid:84209575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346469)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/alexshlu.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346469/; classtype:trojan-activity;sid:84209569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346465)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/jsawdtyjde.exe|3f|b"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346465/; classtype:trojan-activity;sid:84209565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346467)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/alexshlu.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346467/; classtype:trojan-activity;sid:84209567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346077)"; flow:established,from_client; content:"GET"; http_method; content:"/ronaldorsantana/ronaldo/refs/heads/main/boleto.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346077/; classtype:trojan-activity;sid:84209177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346076)"; flow:established,from_client; content:"GET"; http_method; content:"/ronaldorsantana/ronaldo/raw/refs/heads/main/boleto.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346076/; classtype:trojan-activity;sid:84209176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346027)"; flow:established,from_client; content:"GET"; http_method; content:"/jy.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jrqh-hk.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346027/; classtype:trojan-activity;sid:84209127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346026)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/41a1111.hta"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346026/; classtype:trojan-activity;sid:84209126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346022)"; flow:established,from_client; content:"GET"; http_method; content:"/captcha.hta"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.131.135.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346022/; classtype:trojan-activity;sid:84209122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346020)"; flow:established,from_client; content:"GET"; http_method; content:"/leemurray751/testing/refs/heads/main/testingfile.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346020/; classtype:trojan-activity;sid:84209120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346018)"; flow:established,from_client; content:"GET"; http_method; content:"/zls2024/not-download/main/discord.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346018/; classtype:trojan-activity;sid:84209118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346016)"; flow:established,from_client; content:"GET"; http_method; content:"/itschangat/test/blob/main/server.exe|3f|raw=true"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346016/; classtype:trojan-activity;sid:84209116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346000)"; flow:established,from_client; content:"GET"; http_method; content:"/leemurray751/testing/raw/refs/heads/main/testingfile.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346000/; classtype:trojan-activity;sid:84209100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345993)"; flow:established,from_client; content:"GET"; http_method; content:"/dune64.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"sporcketngearforu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345993/; classtype:trojan-activity;sid:84209093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.88.242.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345678/; classtype:trojan-activity;sid:84208778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.120.230.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345362/; classtype:trojan-activity;sid:84208462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.120.230.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345343/; classtype:trojan-activity;sid:84208443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345289)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.180.176.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345289/; classtype:trojan-activity;sid:84208389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345094)"; flow:established,from_client; content:"GET"; http_method; content:"/download/neofindsetup.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"download.emailorganizer.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345094/; classtype:trojan-activity;sid:84208194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345092)"; flow:established,from_client; content:"GET"; http_method; content:"/isnackycracky/keepassrdp/releases/latest/download/keepassrdp_v2.2.2.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345092/; classtype:trojan-activity;sid:84208192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345089)"; flow:established,from_client; content:"GET"; http_method; content:"/n00b69/woasetup/releases/download/installers/dxwebsetup.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345089/; classtype:trojan-activity;sid:84208189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345087)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rmx.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345087/; classtype:trojan-activity;sid:84208187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345085)"; flow:established,from_client; content:"GET"; http_method; content:"/thanhtung19944/ok-/refs/heads/main/outping.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345085/; classtype:trojan-activity;sid:84208185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345074)"; flow:established,from_client; content:"GET"; http_method; content:"/phpmyadmin/themes/darkblue_orange/img/!help_sos.hta"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"202.29.95.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345074/; classtype:trojan-activity;sid:84208174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345075)"; flow:established,from_client; content:"GET"; http_method; content:"/dune64.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.sporcketngearforu.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345075/; classtype:trojan-activity;sid:84208175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345076)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/2a.hta"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345076/; classtype:trojan-activity;sid:84208176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345077)"; flow:established,from_client; content:"GET"; http_method; content:"/thanhtung19944/ok-/raw/refs/heads/main/outping.bin"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345077/; classtype:trojan-activity;sid:84208177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345073)"; flow:established,from_client; content:"GET"; http_method; content:"/retest.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345073/; classtype:trojan-activity;sid:84208173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345062)"; flow:established,from_client; content:"GET"; http_method; content:"/ys558pd/start.hta"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"device.redirec.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345062/; classtype:trojan-activity;sid:84208162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345064)"; flow:established,from_client; content:"GET"; http_method; content:"/phpmyadmin/themes/darkblue_orange/!help_sos.hta"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"202.29.95.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345064/; classtype:trojan-activity;sid:84208164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345061)"; flow:established,from_client; content:"GET"; http_method; content:"/cistest.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345061/; classtype:trojan-activity;sid:84208161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.91.153.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3344719/; classtype:trojan-activity;sid:84207819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344246)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/ad/old/dll.txt"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344246/; classtype:trojan-activity;sid:84207346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340489)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/refs/heads/main/.5r3fqt67ew531has4231.arm7"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340489/; classtype:trojan-activity;sid:84203589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340488)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/refs/heads/main/.5r3fqt67ew531has4231.x86"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340488/; classtype:trojan-activity;sid:84203588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340486)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/refs/heads/main/.5r3fqt67ew531has4231.ppc"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340486/; classtype:trojan-activity;sid:84203586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340487)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/refs/heads/main/.5r3fqt67ew531has4231.arm6"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340487/; classtype:trojan-activity;sid:84203587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340479)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/refs/heads/main/.5r3fqt67ew531has4231.sh4"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340479/; classtype:trojan-activity;sid:84203579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340480)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/refs/heads/main/.5r3fqt67ew531has4231.arm"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340480/; classtype:trojan-activity;sid:84203580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340481)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/refs/heads/main/.5r3fqt67ew531has4231.mips"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340481/; classtype:trojan-activity;sid:84203581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340482)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/refs/heads/main/.5r3fqt67ew531has4231.m68k"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340482/; classtype:trojan-activity;sid:84203582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340483)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/refs/heads/main/.5r3fqt67ew531has4231.mpsl"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340483/; classtype:trojan-activity;sid:84203583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340484)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/refs/heads/main/.5r3fqt67ew531has4231.arm5"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340484/; classtype:trojan-activity;sid:84203584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340440)"; flow:established,from_client; content:"GET"; http_method; content:"/dis3j/wagnerhook/releases/download/release/loader.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340440/; classtype:trojan-activity;sid:84203540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340424)"; flow:established,from_client; content:"GET"; http_method; content:"/stressedb/redengine/refs/heads/main/loader.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340424/; classtype:trojan-activity;sid:84203524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340399)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/xbest%20v1.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340399/; classtype:trojan-activity;sid:84203499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340398)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/complexo%20v4.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340398/; classtype:trojan-activity;sid:84203498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340395)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/box3d.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340395/; classtype:trojan-activity;sid:84203495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340396)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/lkwan.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340396/; classtype:trojan-activity;sid:84203496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340397)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/flunix9.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340397/; classtype:trojan-activity;sid:84203497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340392)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/elzhas%20pannel.dll"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340392/; classtype:trojan-activity;sid:84203492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340393)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/morovip.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340393/; classtype:trojan-activity;sid:84203493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340394)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/hazaxd.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340394/; classtype:trojan-activity;sid:84203494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340391)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/xbest.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340391/; classtype:trojan-activity;sid:84203491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340390)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/blue_and_white.dll"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340390/; classtype:trojan-activity;sid:84203490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340363)"; flow:established,from_client; content:"GET"; http_method; content:"/huuuuggga/aaaaa1/refs/heads/main/srtware.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340363/; classtype:trojan-activity;sid:84203463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340322)"; flow:established,from_client; content:"GET"; http_method; content:"/installer.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sister-1324943887.cos.ap-guangzhou.myqcloud.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340322/; classtype:trojan-activity;sid:84203422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340072)"; flow:established,from_client; content:"GET"; http_method; content:"/node/autohotkeyu64.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340072/; classtype:trojan-activity;sid:84203172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340071)"; flow:established,from_client; content:"GET"; http_method; content:"/node/setup.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340071/; classtype:trojan-activity;sid:84203171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340031)"; flow:established,from_client; content:"GET"; http_method; content:"/htaaa.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mandarin.net.au"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340031/; classtype:trojan-activity;sid:84203131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340026)"; flow:established,from_client; content:"GET"; http_method; content:"/imaeewy/test-rat-do-not-download-exe/refs/heads/main/downloader.hta"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340026/; classtype:trojan-activity;sid:84203126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339529)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/rodriakd-8413d.appspot.com/o/dll%2fdllrodita.txt|3f|alt=media|7c|26|7c|token=e71965a3-c432-4759-9f03-7fe4e0c99072"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339529/; classtype:trojan-activity;sid:84202629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339297)"; flow:established,from_client; content:"GET"; http_method; content:"/vietnamplug.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ai-kling.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339297/; classtype:trojan-activity;sid:84202397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339296)"; flow:established,from_client; content:"GET"; http_method; content:"/vietnamplug.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ai-kling.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339296/; classtype:trojan-activity;sid:84202396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339266)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.125.133.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339266/; classtype:trojan-activity;sid:84202366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339269)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.52.16.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339269/; classtype:trojan-activity;sid:84202369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339264)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.23.51.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339264/; classtype:trojan-activity;sid:84202364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339257)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.6.14.187"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339257/; classtype:trojan-activity;sid:84202357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339250)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.131.166.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339250/; classtype:trojan-activity;sid:84202350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339252)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.136.225.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339252/; classtype:trojan-activity;sid:84202352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339253)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.147.142.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339253/; classtype:trojan-activity;sid:84202353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339245)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.138.107.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339245/; classtype:trojan-activity;sid:84202345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339247)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.125.133.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339247/; classtype:trojan-activity;sid:84202347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339241)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.23.51.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339241/; classtype:trojan-activity;sid:84202341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339239)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"180.211.187.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339239/; classtype:trojan-activity;sid:84202339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339240)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.233.95.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339240/; classtype:trojan-activity;sid:84202340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339236)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.15.137.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339236/; classtype:trojan-activity;sid:84202336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339226)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.223.44.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339226/; classtype:trojan-activity;sid:84202326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339227)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"179.236.0.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339227/; classtype:trojan-activity;sid:84202327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339229)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.232.133.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339229/; classtype:trojan-activity;sid:84202329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339230)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.12.157.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339230/; classtype:trojan-activity;sid:84202330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339224)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.90.15.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339224/; classtype:trojan-activity;sid:84202324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339216)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.136.193.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339216/; classtype:trojan-activity;sid:84202316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339219)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"117.20.27.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339219/; classtype:trojan-activity;sid:84202319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339220)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.101.230.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339220/; classtype:trojan-activity;sid:84202320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339221)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.93.83.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339221/; classtype:trojan-activity;sid:84202321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339222)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.43.6.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339222/; classtype:trojan-activity;sid:84202322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339215)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.222.2.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339215/; classtype:trojan-activity;sid:84202315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339209)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.96.1.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339209/; classtype:trojan-activity;sid:84202309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339202)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.34.205.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339202/; classtype:trojan-activity;sid:84202302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339203)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.43.74.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339203/; classtype:trojan-activity;sid:84202303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339206)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"159.148.48.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339206/; classtype:trojan-activity;sid:84202306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339200)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.165.170.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339200/; classtype:trojan-activity;sid:84202300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339193)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.115.101.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339193/; classtype:trojan-activity;sid:84202293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339181)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.236.133.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339181/; classtype:trojan-activity;sid:84202281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339177)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.236.129.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339177/; classtype:trojan-activity;sid:84202277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339168)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.110.204.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339168/; classtype:trojan-activity;sid:84202268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339171)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.57.125.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339171/; classtype:trojan-activity;sid:84202271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339165)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.37.126.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339165/; classtype:trojan-activity;sid:84202265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339162)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.233.125.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339162/; classtype:trojan-activity;sid:84202262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339154)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"152.231.66.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339154/; classtype:trojan-activity;sid:84202254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339156)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.53.164.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339156/; classtype:trojan-activity;sid:84202256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339151)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"112.81.124.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339151/; classtype:trojan-activity;sid:84202251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339152)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.164.191.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339152/; classtype:trojan-activity;sid:84202252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339147)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.254.186.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339147/; classtype:trojan-activity;sid:84202247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339142)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.162.140.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339142/; classtype:trojan-activity;sid:84202242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339132)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.113.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339132/; classtype:trojan-activity;sid:84202232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339133)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.126.186.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339133/; classtype:trojan-activity;sid:84202233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339136)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.101.157.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339136/; classtype:trojan-activity;sid:84202236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339118)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"83.218.189.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339118/; classtype:trojan-activity;sid:84202218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339120)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.136.195.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339120/; classtype:trojan-activity;sid:84202220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339121)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.216.107.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339121/; classtype:trojan-activity;sid:84202221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339124)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.87.31.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339124/; classtype:trojan-activity;sid:84202224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339126)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.236.135.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339126/; classtype:trojan-activity;sid:84202226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339127)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"173.178.94.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339127/; classtype:trojan-activity;sid:84202227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339128)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"156.200.109.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339128/; classtype:trojan-activity;sid:84202228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339116)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.179.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339116/; classtype:trojan-activity;sid:84202216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339114)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.245.78.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339114/; classtype:trojan-activity;sid:84202214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339111)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.121.195.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339111/; classtype:trojan-activity;sid:84202211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339106)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.43.6.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339106/; classtype:trojan-activity;sid:84202206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339109)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.84.39.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339109/; classtype:trojan-activity;sid:84202209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339105)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"86.34.137.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339105/; classtype:trojan-activity;sid:84202205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339093)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.205.84.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339093/; classtype:trojan-activity;sid:84202193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339099)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.233.95.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339099/; classtype:trojan-activity;sid:84202199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339100)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.125.133.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339100/; classtype:trojan-activity;sid:84202200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339084)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.85.166.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339084/; classtype:trojan-activity;sid:84202184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339086)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.121.33.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339086/; classtype:trojan-activity;sid:84202186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339092)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.214.196.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339092/; classtype:trojan-activity;sid:84202192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339078)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.107.32.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339078/; classtype:trojan-activity;sid:84202178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339082)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.154.209.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339082/; classtype:trojan-activity;sid:84202182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339065)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.158.158.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339065/; classtype:trojan-activity;sid:84202165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339061)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.153.52.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339061/; classtype:trojan-activity;sid:84202161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339019)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.106.152.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339019/; classtype:trojan-activity;sid:84202119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339004)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.212.60.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339004/; classtype:trojan-activity;sid:84202104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338989)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.92.14.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338989/; classtype:trojan-activity;sid:84202089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338963)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.24.38.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338963/; classtype:trojan-activity;sid:84202063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338964)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.236.244.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338964/; classtype:trojan-activity;sid:84202064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338967)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.62.69.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338967/; classtype:trojan-activity;sid:84202067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338955)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.90.142.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338955/; classtype:trojan-activity;sid:84202055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338948)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.104.22.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338948/; classtype:trojan-activity;sid:84202048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338943)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.46.28.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338943/; classtype:trojan-activity;sid:84202043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338936)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"api.co-operativefinance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338936/; classtype:trojan-activity;sid:84202036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338928)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"admin.aishangzhua.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338928/; classtype:trojan-activity;sid:84202028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338919)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.60.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338919/; classtype:trojan-activity;sid:84202019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338920)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.114.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338920/; classtype:trojan-activity;sid:84202020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338918)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.35.228.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338918/; classtype:trojan-activity;sid:84202018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338914)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"92.118.170.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338914/; classtype:trojan-activity;sid:84202014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338906)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.41.89.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338906/; classtype:trojan-activity;sid:84202006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338904)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ecs-123-60-182-88.compute.hwclouds-dns.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338904/; classtype:trojan-activity;sid:84202004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338898)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.90.142.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338898/; classtype:trojan-activity;sid:84201998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338892)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"29.251.196.35.bc.googleusercontent.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338892/; classtype:trojan-activity;sid:84201992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338863)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.128.146.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338863/; classtype:trojan-activity;sid:84201963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338856)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338856/; classtype:trojan-activity;sid:84201956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338843)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.100.63.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338843/; classtype:trojan-activity;sid:84201943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338844)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.201.247.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338844/; classtype:trojan-activity;sid:84201944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338850)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.246.208.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338850/; classtype:trojan-activity;sid:84201950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338813)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/plugin2.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338813/; classtype:trojan-activity;sid:84201913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338810)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/plugin1.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338810/; classtype:trojan-activity;sid:84201910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338811)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/plugin2.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338811/; classtype:trojan-activity;sid:84201911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338812)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/plugin1.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338812/; classtype:trojan-activity;sid:84201912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338758)"; flow:established,from_client; content:"GET"; http_method; content:"/rimase12/urika/raw/refs/heads/main/berekegift.apk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338758/; classtype:trojan-activity;sid:84201858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338755)"; flow:established,from_client; content:"GET"; http_method; content:"/l0venxn22/eulenmodmenu/main/loader.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338755/; classtype:trojan-activity;sid:84201855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338729)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/europe123.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338729/; classtype:trojan-activity;sid:84201829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338728)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/l3bevvn7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338728/; classtype:trojan-activity;sid:84201828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338727)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/k1de2zkz.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338727/; classtype:trojan-activity;sid:84201827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338726)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/d8rb24m3.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338726/; classtype:trojan-activity;sid:84201826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338724)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lu4421.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338724/; classtype:trojan-activity;sid:84201824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338717)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lega.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338717/; classtype:trojan-activity;sid:84201817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338718)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/g9win6bb.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338718/; classtype:trojan-activity;sid:84201818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338719)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dmn6qzwr.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338719/; classtype:trojan-activity;sid:84201819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338722)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kxfh9qhs.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338722/; classtype:trojan-activity;sid:84201822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338714)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/app.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338714/; classtype:trojan-activity;sid:84201814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338708)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/set-up-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338708/; classtype:trojan-activity;sid:84201808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338710)"; flow:established,from_client; content:"GET"; http_method; content:"/uploadcsv/file/uploadcsvv416.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"tianyinsoft.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338710/; classtype:trojan-activity;sid:84201810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338706)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/main/mpsl"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338706/; classtype:trojan-activity;sid:84201806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338704)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"loader.hxsoftwares.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338704/; classtype:trojan-activity;sid:84201804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338702)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/v_dolg.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338702/; classtype:trojan-activity;sid:84201802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338693)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/main/sh4"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338693/; classtype:trojan-activity;sid:84201793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338695)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/aqbjn3fl.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338695/; classtype:trojan-activity;sid:84201795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338675)"; flow:established,from_client; content:"GET"; http_method; content:"/rimase12/urika/raw/refs/heads/main/zeropersca.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338675/; classtype:trojan-activity;sid:84201775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338669)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/trru7rd2.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338669/; classtype:trojan-activity;sid:84201769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338668)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5hvzv2sl.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338668/; classtype:trojan-activity;sid:84201768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338664)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/atleqqxo.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338664/; classtype:trojan-activity;sid:84201764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338655)"; flow:established,from_client; content:"GET"; http_method; content:"/hostfile/taptin/autoupdate.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"update.volam2005pk.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338655/; classtype:trojan-activity;sid:84201755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338656)"; flow:established,from_client; content:"GET"; http_method; content:"/kabot/unix-privilege-escalation-exploits-pack/master/2012/vmsplice-local-root-exploit"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338656/; classtype:trojan-activity;sid:84201756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338653)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/nsoft.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338653/; classtype:trojan-activity;sid:84201753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338650)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bandwidthmonitor.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338650/; classtype:trojan-activity;sid:84201750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338644)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5hvzv2sl.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338644/; classtype:trojan-activity;sid:84201744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338638)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/plugin3.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338638/; classtype:trojan-activity;sid:84201738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338639)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/alex2022.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338639/; classtype:trojan-activity;sid:84201739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338637)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/quzfesaq.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338637/; classtype:trojan-activity;sid:84201737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338636)"; flow:established,from_client; content:"GET"; http_method; content:"/client_main/loader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"keyser-api.eu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338636/; classtype:trojan-activity;sid:84201736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338635)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/qpg08oli.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338635/; classtype:trojan-activity;sid:84201735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338633)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xmbld.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338633/; classtype:trojan-activity;sid:84201733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338631)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/d4cye08a.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338631/; classtype:trojan-activity;sid:84201731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338627)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xao8gh38.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338627/; classtype:trojan-activity;sid:84201727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338624)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/alex2025.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338624/; classtype:trojan-activity;sid:84201724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338625)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/p4cof96p.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338625/; classtype:trojan-activity;sid:84201725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338623)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/r42aoop5.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338623/; classtype:trojan-activity;sid:84201723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338621)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/visagiftcardgen.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338621/; classtype:trojan-activity;sid:84201721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338620)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2kudv4ea.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338620/; classtype:trojan-activity;sid:84201720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338614)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/x6uvjuko.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338614/; classtype:trojan-activity;sid:84201714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338606)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/roblox1.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338606/; classtype:trojan-activity;sid:84201706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338602)"; flow:established,from_client; content:"GET"; http_method; content:"/uploadbaby/file/uploadbabyv538.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"tianyinsoft.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338602/; classtype:trojan-activity;sid:84201702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338599)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zk1b090h.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338599/; classtype:trojan-activity;sid:84201699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338591)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/alex2025.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338591/; classtype:trojan-activity;sid:84201691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338590)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/szo0xbx8.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338590/; classtype:trojan-activity;sid:84201690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338581)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/alex2022.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338581/; classtype:trojan-activity;sid:84201681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338576)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/1fxm3u0d.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338576/; classtype:trojan-activity;sid:84201676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338573)"; flow:established,from_client; content:"GET"; http_method; content:"/test/am209.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338573/; classtype:trojan-activity;sid:84201673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338572)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2v6wf6kn.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338572/; classtype:trojan-activity;sid:84201672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338570)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon_x64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.36.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338570/; classtype:trojan-activity;sid:84201670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338567)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/305iz8bs.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338567/; classtype:trojan-activity;sid:84201667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338563)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mzjfgebm.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338563/; classtype:trojan-activity;sid:84201663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338557)"; flow:established,from_client; content:"GET"; http_method; content:"/net/boot.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"quanlyphongnet.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338557/; classtype:trojan-activity;sid:84201657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338560)"; flow:established,from_client; content:"GET"; http_method; content:"/ga13372/jv/main/javaw.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338560/; classtype:trojan-activity;sid:84201660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338561)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3zv8x9q7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338561/; classtype:trojan-activity;sid:84201661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338554)"; flow:established,from_client; content:"GET"; http_method; content:"/jhpatchouli/payload/raw/master/artifact.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"gitee.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338554/; classtype:trojan-activity;sid:84201654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338550)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/n8um2y9v.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338550/; classtype:trojan-activity;sid:84201650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338548)"; flow:established,from_client; content:"GET"; http_method; content:"/nicxlau/alfa-shell/master/alfa-obfuscated.php"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338548/; classtype:trojan-activity;sid:84201648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338546)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/image/inlandspom.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.clubedasluluzinhasro.com.br"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338546/; classtype:trojan-activity;sid:84201646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338542)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zq6a1iqg.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338542/; classtype:trojan-activity;sid:84201642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338534)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/scj7cm7v.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338534/; classtype:trojan-activity;sid:84201634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338535)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/main/arm6"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338535/; classtype:trojan-activity;sid:84201635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338527)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/app.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338527/; classtype:trojan-activity;sid:84201627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338524)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xmbld.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338524/; classtype:trojan-activity;sid:84201624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338525)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/szo0xbx8.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338525/; classtype:trojan-activity;sid:84201625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338526)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zk1b090h.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338526/; classtype:trojan-activity;sid:84201626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338518)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/l3bevvn7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338518/; classtype:trojan-activity;sid:84201618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338519)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/x6uvjuko.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338519/; classtype:trojan-activity;sid:84201619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338520)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/set-up-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338520/; classtype:trojan-activity;sid:84201620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338521)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/trru7rd2.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338521/; classtype:trojan-activity;sid:84201621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338522)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/d8rb24m3.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338522/; classtype:trojan-activity;sid:84201622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338516)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/europe123.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338516/; classtype:trojan-activity;sid:84201616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338517)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kxfh9qhs.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338517/; classtype:trojan-activity;sid:84201617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338515)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lu4421.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338515/; classtype:trojan-activity;sid:84201615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338514)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/atleqqxo.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338514/; classtype:trojan-activity;sid:84201614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338513)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lega.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338513/; classtype:trojan-activity;sid:84201613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338512)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bandwidthmonitor.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338512/; classtype:trojan-activity;sid:84201612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338511)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/v_dolg.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338511/; classtype:trojan-activity;sid:84201611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338509)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/qpg08oli.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338509/; classtype:trojan-activity;sid:84201609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338510)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/t8wl838w.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338510/; classtype:trojan-activity;sid:84201610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338506)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/d4cye08a.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338506/; classtype:trojan-activity;sid:84201606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338507)"; flow:established,from_client; content:"GET"; http_method; content:"/aissardp/payload/main/payload.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338507/; classtype:trojan-activity;sid:84201607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338508)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/nsoft.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338508/; classtype:trojan-activity;sid:84201608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338505)"; flow:established,from_client; content:"GET"; http_method; content:"/cracker1337uwu/rrr/main/bypass.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338505/; classtype:trojan-activity;sid:84201605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338502)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mzjfgebm.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338502/; classtype:trojan-activity;sid:84201602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338501)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/aqbjn3fl.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338501/; classtype:trojan-activity;sid:84201601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338500)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/visagiftcardgen.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338500/; classtype:trojan-activity;sid:84201600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338497)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/305iz8bs.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338497/; classtype:trojan-activity;sid:84201597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338499)"; flow:established,from_client; content:"GET"; http_method; content:"/g1vi/cve-2023-2640-cve-2023-32629/main/exploit.sh"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338499/; classtype:trojan-activity;sid:84201599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338496)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/g9win6bb.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338496/; classtype:trojan-activity;sid:84201596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338495)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/quzfesaq.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338495/; classtype:trojan-activity;sid:84201595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338493)"; flow:established,from_client; content:"GET"; http_method; content:"/nguyenmanmkt/repo1/main/exploit-2"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338493/; classtype:trojan-activity;sid:84201593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338492)"; flow:established,from_client; content:"GET"; http_method; content:"/leetcipher/malware.development/main/self-injection/self-injection.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338492/; classtype:trojan-activity;sid:84201592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338489)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/r42aoop5.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338489/; classtype:trojan-activity;sid:84201589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338490)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/plugin3.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338490/; classtype:trojan-activity;sid:84201590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338486)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zq6a1iqg.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338486/; classtype:trojan-activity;sid:84201586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338487)"; flow:established,from_client; content:"GET"; http_method; content:"/cyberhunter00/remote_hijack/master/uac_bypass.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338487/; classtype:trojan-activity;sid:84201587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338483)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xao8gh38.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338483/; classtype:trojan-activity;sid:84201583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338477)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/roblox1.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338477/; classtype:trojan-activity;sid:84201577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338481)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/p4cof96p.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338481/; classtype:trojan-activity;sid:84201581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338473)"; flow:established,from_client; content:"GET"; http_method; content:"/fromfranceanb/d46c38bce2b0d9c6hcffa6baea82ece29fa6d238/main/injection.js"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338473/; classtype:trojan-activity;sid:84201573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338474)"; flow:established,from_client; content:"GET"; http_method; content:"/test/am209.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338474/; classtype:trojan-activity;sid:84201574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338475)"; flow:established,from_client; content:"GET"; http_method; content:"/cocomelonc/2022-01-14-malware-injection-13/master/hack.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338475/; classtype:trojan-activity;sid:84201575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338476)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/n8um2y9v.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338476/; classtype:trojan-activity;sid:84201576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338462)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/1fxm3u0d.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338462/; classtype:trojan-activity;sid:84201562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338463)"; flow:established,from_client; content:"GET"; http_method; content:"/justforexela/injection/main/injection.js"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338463/; classtype:trojan-activity;sid:84201563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338464)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/scj7cm7v.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338464/; classtype:trojan-activity;sid:84201564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338466)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dmn6qzwr.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338466/; classtype:trojan-activity;sid:84201566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338467)"; flow:established,from_client; content:"GET"; http_method; content:"/fxtazz/injection/main/index.js"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338467/; classtype:trojan-activity;sid:84201567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338470)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2v6wf6kn.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338470/; classtype:trojan-activity;sid:84201570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338471)"; flow:established,from_client; content:"GET"; http_method; content:"/leetcipher/malware.development/main/process-injection/process-injection.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338471/; classtype:trojan-activity;sid:84201571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338459)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2kudv4ea.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338459/; classtype:trojan-activity;sid:84201559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338460)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/k1de2zkz.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338460/; classtype:trojan-activity;sid:84201560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338458)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3zv8x9q7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338458/; classtype:trojan-activity;sid:84201558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338451)"; flow:established,from_client; content:"GET"; http_method; content:"/sixaknow/uac_bypass_/main/module_377498327498dcxvc32434.dll"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338451/; classtype:trojan-activity;sid:84201551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338443)"; flow:established,from_client; content:"GET"; http_method; content:"/pistacchietto/win-python-backdoor/master/standalone_payload.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338443/; classtype:trojan-activity;sid:84201543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338434)"; flow:established,from_client; content:"GET"; http_method; content:"/sanzaz/phantomious/main/injection-clean.js"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338434/; classtype:trojan-activity;sid:84201534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338140)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/indentif.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338140/; classtype:trojan-activity;sid:84201240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338138)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/hashed.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338138/; classtype:trojan-activity;sid:84201238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338139)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/identification-1.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338139/; classtype:trojan-activity;sid:84201239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338136)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/set-up.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338136/; classtype:trojan-activity;sid:84201236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338137)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/channel1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338137/; classtype:trojan-activity;sid:84201237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338135)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/setup2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338135/; classtype:trojan-activity;sid:84201235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338134)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/installer.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338134/; classtype:trojan-activity;sid:84201234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338133)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/team.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338133/; classtype:trojan-activity;sid:84201233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338131)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/probnik.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338131/; classtype:trojan-activity;sid:84201231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338130)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ji2xlo1f.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338130/; classtype:trojan-activity;sid:84201230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338129)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xxz.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338129/; classtype:trojan-activity;sid:84201229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338127)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ven_protected.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338127/; classtype:trojan-activity;sid:84201227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338126)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/client_protected.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338126/; classtype:trojan-activity;sid:84201226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338125)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/worker.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338125/; classtype:trojan-activity;sid:84201225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338124)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/resex.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338124/; classtype:trojan-activity;sid:84201224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338123)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/qqq.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338123/; classtype:trojan-activity;sid:84201223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338122)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/semiconductornot.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338122/; classtype:trojan-activity;sid:84201222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338120)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gold1234.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338120/; classtype:trojan-activity;sid:84201220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338121)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/diff.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338121/; classtype:trojan-activity;sid:84201221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338118)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winrar-x64-701.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338118/; classtype:trojan-activity;sid:84201218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338119)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/creal.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338119/; classtype:trojan-activity;sid:84201219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338116)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummac222222.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338116/; classtype:trojan-activity;sid:84201216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338117)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/seo.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338117/; classtype:trojan-activity;sid:84201217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338113)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/t3.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338113/; classtype:trojan-activity;sid:84201213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338114)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pichon.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338114/; classtype:trojan-activity;sid:84201214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338115)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/nano.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338115/; classtype:trojan-activity;sid:84201215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338112)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/octus.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338112/; classtype:trojan-activity;sid:84201212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338109)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bundle.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338109/; classtype:trojan-activity;sid:84201209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338110)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cbmefxrmnv.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338110/; classtype:trojan-activity;sid:84201210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338111)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/main.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338111/; classtype:trojan-activity;sid:84201211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338108)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/psfei0ez.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338108/; classtype:trojan-activity;sid:84201208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338107)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/clcs.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338107/; classtype:trojan-activity;sid:84201207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338105)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/msedge.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338105/; classtype:trojan-activity;sid:84201205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338106)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338106/; classtype:trojan-activity;sid:84201206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338104)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mobiletrans.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338104/; classtype:trojan-activity;sid:84201204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338101)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rage.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338101/; classtype:trojan-activity;sid:84201201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338102)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/clsid.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338102/; classtype:trojan-activity;sid:84201202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338103)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zts.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338103/; classtype:trojan-activity;sid:84201203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338100)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xt.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338100/; classtype:trojan-activity;sid:84201200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338099)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cnyvvl.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338099/; classtype:trojan-activity;sid:84201199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338097)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pered.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338097/; classtype:trojan-activity;sid:84201197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338098)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dccrypt.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338098/; classtype:trojan-activity;sid:84201198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338095)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/prem1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338095/; classtype:trojan-activity;sid:84201195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338094)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kp8dnpa9.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338094/; classtype:trojan-activity;sid:84201194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338090)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winx86.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338090/; classtype:trojan-activity;sid:84201190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338091)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/j86piuq9.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338091/; classtype:trojan-activity;sid:84201191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338093)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build555.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338093/; classtype:trojan-activity;sid:84201193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338089)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lgendpremium.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338089/; classtype:trojan-activity;sid:84201189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338088)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/yxrd0ob7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338088/; classtype:trojan-activity;sid:84201188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338087)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/splwow64.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338087/; classtype:trojan-activity;sid:84201187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338086)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/new1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338086/; classtype:trojan-activity;sid:84201186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338084)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gift-info.lmg.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338084/; classtype:trojan-activity;sid:84201184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338085)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/penis.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338085/; classtype:trojan-activity;sid:84201185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338082)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/doc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338082/; classtype:trojan-activity;sid:84201182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338083)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/myrdx.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338083/; classtype:trojan-activity;sid:84201183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338081)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/diskutility.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338081/; classtype:trojan-activity;sid:84201181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338079)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/jb4w5s2l.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338079/; classtype:trojan-activity;sid:84201179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338080)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/purlog.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338080/; classtype:trojan-activity;sid:84201180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338075)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ewpeloxttug.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338075/; classtype:trojan-activity;sid:84201175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338076)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/q1wnx5ir.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338076/; classtype:trojan-activity;sid:84201176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338077)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummetc.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338077/; classtype:trojan-activity;sid:84201177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338078)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/s%d0%b5tu%d1%80111.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338078/; classtype:trojan-activity;sid:84201178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338073)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/soft2.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338073/; classtype:trojan-activity;sid:84201173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338074)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vn70wvxw.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338074/; classtype:trojan-activity;sid:84201174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338072)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ukodbcdcl.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338072/; classtype:trojan-activity;sid:84201172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338071)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/h5a71wdy.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338071/; classtype:trojan-activity;sid:84201171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338070)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ovrflw.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338070/; classtype:trojan-activity;sid:84201170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338068)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gsprout.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338068/; classtype:trojan-activity;sid:84201168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338069)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/meta.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338069/; classtype:trojan-activity;sid:84201169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338066)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/unit.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338066/; classtype:trojan-activity;sid:84201166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338067)"; flow:established,from_client; content:"GET"; http_method; content:"/soka/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338067/; classtype:trojan-activity;sid:84201167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338065)"; flow:established,from_client; content:"GET"; http_method; content:"/off/def.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338065/; classtype:trojan-activity;sid:84201165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338060)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/decryptjohn.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338060/; classtype:trojan-activity;sid:84201160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338061)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/hvnc1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338061/; classtype:trojan-activity;sid:84201161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338062)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_default2.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338062/; classtype:trojan-activity;sid:84201162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338058)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bwapp.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338058/; classtype:trojan-activity;sid:84201158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338059)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/shopfree.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338059/; classtype:trojan-activity;sid:84201159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338057)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/frap.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338057/; classtype:trojan-activity;sid:84201157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338055)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/s%d0%b5tup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338055/; classtype:trojan-activity;sid:84201155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338056)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pyl64.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338056/; classtype:trojan-activity;sid:84201156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338054)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/explorer.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338054/; classtype:trojan-activity;sid:84201154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338052)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/major.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338052/; classtype:trojan-activity;sid:84201152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338053)"; flow:established,from_client; content:"GET"; http_method; content:"/steam/random.exe|3f|9i/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338053/; classtype:trojan-activity;sid:84201153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338050)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/torque.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338050/; classtype:trojan-activity;sid:84201150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338051)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mk.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338051/; classtype:trojan-activity;sid:84201151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338049)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/softina.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338049/; classtype:trojan-activity;sid:84201149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338048)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/file.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338048/; classtype:trojan-activity;sid:84201148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338045)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/edge.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338045/; classtype:trojan-activity;sid:84201145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338046)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/completestudio.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338046/; classtype:trojan-activity;sid:84201146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338047)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/redsystem.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338047/; classtype:trojan-activity;sid:84201147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338044)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svchost.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338044/; classtype:trojan-activity;sid:84201144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338043)"; flow:established,from_client; content:"GET"; http_method; content:"/mine/random.exe|3f|y"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338043/; classtype:trojan-activity;sid:84201143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338042)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ghost_0x000263826b9a9b91.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338042/; classtype:trojan-activity;sid:84201142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338041)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypteda.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338041/; classtype:trojan-activity;sid:84201141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338039)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gawdth.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338039/; classtype:trojan-activity;sid:84201139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338040)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/surfex.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338040/; classtype:trojan-activity;sid:84201140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338037)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/noll.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338037/; classtype:trojan-activity;sid:84201137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338038)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/identifications.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338038/; classtype:trojan-activity;sid:84201138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338036)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/def.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338036/; classtype:trojan-activity;sid:84201136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338034)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/uhigdbf.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338034/; classtype:trojan-activity;sid:84201134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338035)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zxcv.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338035/; classtype:trojan-activity;sid:84201135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338033)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/neonn.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338033/; classtype:trojan-activity;sid:84201133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338031)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rstxdhuj.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338031/; classtype:trojan-activity;sid:84201131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338032)"; flow:established,from_client; content:"GET"; http_method; content:"/lumma/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338032/; classtype:trojan-activity;sid:84201132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338029)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/considerablewinners.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338029/; classtype:trojan-activity;sid:84201129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338030)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zzz.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338030/; classtype:trojan-activity;sid:84201130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338028)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/identification.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338028/; classtype:trojan-activity;sid:84201128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338027)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gold.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338027/; classtype:trojan-activity;sid:84201127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338025)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vhpcde.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338025/; classtype:trojan-activity;sid:84201125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338026)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zzzz1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338026/; classtype:trojan-activity;sid:84201126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338024)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pctoccurred.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338024/; classtype:trojan-activity;sid:84201124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338021)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338021/; classtype:trojan-activity;sid:84201121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338022)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xyaw4fkp.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338022/; classtype:trojan-activity;sid:84201122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338023)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/deliciouspart.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338023/; classtype:trojan-activity;sid:84201123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338020)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dsds.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338020/; classtype:trojan-activity;sid:84201120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338018)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/utility-inst.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338018/; classtype:trojan-activity;sid:84201118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338019)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/contorax.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338019/; classtype:trojan-activity;sid:84201119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338017)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/firefox.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338017/; classtype:trojan-activity;sid:84201117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338016)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_valenciga.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338016/; classtype:trojan-activity;sid:84201116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338015)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/postbox.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338015/; classtype:trojan-activity;sid:84201115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338014)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gdn5yfjd.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338014/; classtype:trojan-activity;sid:84201114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338012)"; flow:established,from_client; content:"GET"; http_method; content:"/mine/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338012/; classtype:trojan-activity;sid:84201112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338013)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/windowsui.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338013/; classtype:trojan-activity;sid:84201113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338009)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/microsoft.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338009/; classtype:trojan-activity;sid:84201109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338010)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/tn8cdkzn.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338010/; classtype:trojan-activity;sid:84201110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338011)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ubi-inst.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338011/; classtype:trojan-activity;sid:84201111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338008)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/northsperm.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338008/; classtype:trojan-activity;sid:84201108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338007)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummac2.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338007/; classtype:trojan-activity;sid:84201107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338006)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/clip.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338006/; classtype:trojan-activity;sid:84201106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338001)"; flow:established,from_client; content:"GET"; http_method; content:"/store/vidar.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338001/; classtype:trojan-activity;sid:84201101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338002)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/setup.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338002/; classtype:trojan-activity;sid:84201102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338003)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ewrvuh.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338003/; classtype:trojan-activity;sid:84201103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338004)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xm.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338004/; classtype:trojan-activity;sid:84201104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338005)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ohtie89k.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338005/; classtype:trojan-activity;sid:84201105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338000)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/install2.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338000/; classtype:trojan-activity;sid:84201100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337999)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/unison.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337999/; classtype:trojan-activity;sid:84201099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337998)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/legas.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337998/; classtype:trojan-activity;sid:84201098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337997)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dtrade_v1.3.6.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337997/; classtype:trojan-activity;sid:84201097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337994)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/te3tlsre.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337994/; classtype:trojan-activity;sid:84201094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337995)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build9.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337995/; classtype:trojan-activity;sid:84201095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337996)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/exclude.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337996/; classtype:trojan-activity;sid:84201096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337993)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cclent.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337993/; classtype:trojan-activity;sid:84201093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337992)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/singerjudy.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337992/; classtype:trojan-activity;sid:84201092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337991)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/out_test_sig.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337991/; classtype:trojan-activity;sid:84201091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337990)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/jsawdtyjde.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337990/; classtype:trojan-activity;sid:84201090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337989)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummac22222.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337989/; classtype:trojan-activity;sid:84201089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337988)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build11.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337988/; classtype:trojan-activity;sid:84201088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337985)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vlst.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337985/; classtype:trojan-activity;sid:84201085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337986)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/buildred.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337986/; classtype:trojan-activity;sid:84201086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337987)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/systems.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337987/; classtype:trojan-activity;sid:84201087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337984)"; flow:established,from_client; content:"GET"; http_method; content:"/lego/ama.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337984/; classtype:trojan-activity;sid:84201084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337983)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rdx123456.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337983/; classtype:trojan-activity;sid:84201083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337982)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pkcontent.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337982/; classtype:trojan-activity;sid:84201082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337980)"; flow:established,from_client; content:"GET"; http_method; content:"/off/random.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337980/; classtype:trojan-activity;sid:84201080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337981)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/operation6572.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337981/; classtype:trojan-activity;sid:84201081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337979)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/loadnew.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337979/; classtype:trojan-activity;sid:84201079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337978)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kill.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337978/; classtype:trojan-activity;sid:84201078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337976)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/test.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337976/; classtype:trojan-activity;sid:84201076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337977)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/windowsexecutable.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337977/; classtype:trojan-activity;sid:84201077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337974)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mswgoudnv.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337974/; classtype:trojan-activity;sid:84201074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337972)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/survox.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337972/; classtype:trojan-activity;sid:84201072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337973)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/feb9sxwk.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337973/; classtype:trojan-activity;sid:84201073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337971)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/freedom.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337971/; classtype:trojan-activity;sid:84201071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337966)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pyld611114.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337966/; classtype:trojan-activity;sid:84201066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337967)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/coreplugin.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337967/; classtype:trojan-activity;sid:84201067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337968)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/client.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337968/; classtype:trojan-activity;sid:84201068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337969)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ldqj18tn.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337969/; classtype:trojan-activity;sid:84201069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337970)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cudo.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337970/; classtype:trojan-activity;sid:84201070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337965)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cccc2.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337965/; classtype:trojan-activity;sid:84201065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337963)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pyld64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337963/; classtype:trojan-activity;sid:84201063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337964)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rms1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337964/; classtype:trojan-activity;sid:84201064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337959)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kmvcsaed.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337959/; classtype:trojan-activity;sid:84201059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337960)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/hhnjqu9y.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337960/; classtype:trojan-activity;sid:84201060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337961)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/loader_5879465914.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337961/; classtype:trojan-activity;sid:84201061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337962)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kiyan.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337962/; classtype:trojan-activity;sid:84201062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337958)"; flow:established,from_client; content:"GET"; http_method; content:"/store/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337958/; classtype:trojan-activity;sid:84201058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337956)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vidar.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337956/; classtype:trojan-activity;sid:84201056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337957)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/taskhost.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337957/; classtype:trojan-activity;sid:84201057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337955)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/needmoney.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337955/; classtype:trojan-activity;sid:84201055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337954)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/newbundle.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337954/; classtype:trojan-activity;sid:84201054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337953)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/neon.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337953/; classtype:trojan-activity;sid:84201053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337952)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pimer_bbbcontents7.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337952/; classtype:trojan-activity;sid:84201052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337951)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/new_v8.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337951/; classtype:trojan-activity;sid:84201051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337950)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/golden.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337950/; classtype:trojan-activity;sid:84201050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337947)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted8888.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337947/; classtype:trojan-activity;sid:84201047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337948)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kitty.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337948/; classtype:trojan-activity;sid:84201048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337949)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/v7wa24td.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337949/; classtype:trojan-activity;sid:84201049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337946)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cookie250.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337946/; classtype:trojan-activity;sid:84201046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337945)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pharmaciesdetection.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337945/; classtype:trojan-activity;sid:84201045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337944)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/server.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337944/; classtype:trojan-activity;sid:84201044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337941)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/yoyf.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337941/; classtype:trojan-activity;sid:84201041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337942)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/f86nrrc6.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337942/; classtype:trojan-activity;sid:84201042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337943)"; flow:established,from_client; content:"GET"; http_method; content:"/luma/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337943/; classtype:trojan-activity;sid:84201043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337938)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/sgx4824p.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337938/; classtype:trojan-activity;sid:84201038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337939)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/out.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337939/; classtype:trojan-activity;sid:84201039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337940)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/chicken123.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337940/; classtype:trojan-activity;sid:84201040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337937)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/scheduledllama.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337937/; classtype:trojan-activity;sid:84201037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337935)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winrarinstall.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337935/; classtype:trojan-activity;sid:84201035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337936)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xxl.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337936/; classtype:trojan-activity;sid:84201036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337934)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/drchoe.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337934/; classtype:trojan-activity;sid:84201034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337932)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/launcher.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337932/; classtype:trojan-activity;sid:84201032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337933)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xxxx.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337933/; classtype:trojan-activity;sid:84201033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337931)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ufw.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337931/; classtype:trojan-activity;sid:84201031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337930)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gaozw40v.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337930/; classtype:trojan-activity;sid:84201030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337928)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dcratbuild.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337928/; classtype:trojan-activity;sid:84201028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337929)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winn.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337929/; classtype:trojan-activity;sid:84201029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337926)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337926/; classtype:trojan-activity;sid:84201026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337927)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ha7dur10.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337927/; classtype:trojan-activity;sid:84201027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337923)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_default.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337923/; classtype:trojan-activity;sid:84201023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337924)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/consoleapp3.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337924/; classtype:trojan-activity;sid:84201024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337925)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/univ.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337925/; classtype:trojan-activity;sid:84201025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337920)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/controlledaccesspoint.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337920/; classtype:trojan-activity;sid:84201020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337921)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummnew.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337921/; classtype:trojan-activity;sid:84201021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337922)"; flow:established,from_client; content:"GET"; http_method; content:"/steam/random.exe|3f|9i"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337922/; classtype:trojan-activity;sid:84201022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337919)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/soft.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337919/; classtype:trojan-activity;sid:84201019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337916)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/influencednervous.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337916/; classtype:trojan-activity;sid:84201016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337917)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/newfile.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337917/; classtype:trojan-activity;sid:84201017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337918)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/setup8.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337918/; classtype:trojan-activity;sid:84201018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337914)"; flow:established,from_client; content:"GET"; http_method; content:"/steam/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337914/; classtype:trojan-activity;sid:84201014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337915)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mynewrdx.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337915/; classtype:trojan-activity;sid:84201015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337913)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_daval.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337913/; classtype:trojan-activity;sid:84201013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337912)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/googleupdate.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337912/; classtype:trojan-activity;sid:84201012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337911)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/final.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337911/; classtype:trojan-activity;sid:84201011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337910)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xclient_protected.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337910/; classtype:trojan-activity;sid:84201010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337908)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/qth5kdee.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337908/; classtype:trojan-activity;sid:84201008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337909)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gagagggagagag.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337909/; classtype:trojan-activity;sid:84201009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337905)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/divinedialogue.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337905/; classtype:trojan-activity;sid:84201005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337906)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rorukal.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337906/; classtype:trojan-activity;sid:84201006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337907)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cvv.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337907/; classtype:trojan-activity;sid:84201007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337904)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vidsusername.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337904/; classtype:trojan-activity;sid:84201004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337902)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cvimelugfq.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337902/; classtype:trojan-activity;sid:84201002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337903)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/j4vzzuai.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337903/; classtype:trojan-activity;sid:84201003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337896)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/opdxdyeul.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337896/; classtype:trojan-activity;sid:84200996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337897)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/onedrive.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337897/; classtype:trojan-activity;sid:84200997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337898)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/request.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337898/; classtype:trojan-activity;sid:84200998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337899)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/whiteheroin.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337899/; classtype:trojan-activity;sid:84200999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337901)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/onlysteal.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337901/; classtype:trojan-activity;sid:84201001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337894)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/newbundle2.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337894/; classtype:trojan-activity;sid:84200994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337895)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/robotic.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337895/; classtype:trojan-activity;sid:84200995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337890)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stub.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337890/; classtype:trojan-activity;sid:84200990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337891)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cc2.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337891/; classtype:trojan-activity;sid:84200991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337892)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dos.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337892/; classtype:trojan-activity;sid:84200992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337893)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mepaxil.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337893/; classtype:trojan-activity;sid:84200993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337889)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svhostc.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337889/; classtype:trojan-activity;sid:84200989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337884)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted25.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337884/; classtype:trojan-activity;sid:84200984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337885)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/runtime.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337885/; classtype:trojan-activity;sid:84200985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337886)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/js.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337886/; classtype:trojan-activity;sid:84200986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337887)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/uctgkfb7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337887/; classtype:trojan-activity;sid:84200987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337888)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/morphic.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337888/; classtype:trojan-activity;sid:84200988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337883)"; flow:established,from_client; content:"GET"; http_method; content:"/test/do.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337883/; classtype:trojan-activity;sid:84200983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337882)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/authenticator222.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337882/; classtype:trojan-activity;sid:84200982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337881)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/authenticator.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337881/; classtype:trojan-activity;sid:84200981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337880)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/7777.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337880/; classtype:trojan-activity;sid:84200980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337879)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/8.11.9-windows.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337879/; classtype:trojan-activity;sid:84200979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337878)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bitcoincore.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337878/; classtype:trojan-activity;sid:84200978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337877)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/1111.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337877/; classtype:trojan-activity;sid:84200977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337876)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337876/; classtype:trojan-activity;sid:84200976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337875)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2020.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337875/; classtype:trojan-activity;sid:84200975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337874)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3yh8gdte.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337874/; classtype:trojan-activity;sid:84200974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337872)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/battlegermany.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337872/; classtype:trojan-activity;sid:84200972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337873)"; flow:established,from_client; content:"GET"; http_method; content:"/clip/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337873/; classtype:trojan-activity;sid:84200973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337871)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/41m98slk.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337871/; classtype:trojan-activity;sid:84200971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337870)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/amadeus.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337870/; classtype:trojan-activity;sid:84200970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337869)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/blackload.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337869/; classtype:trojan-activity;sid:84200969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337868)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3546345.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337868/; classtype:trojan-activity;sid:84200968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337867)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bqkriy6l.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337867/; classtype:trojan-activity;sid:84200967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337866)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/broadcom5.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337866/; classtype:trojan-activity;sid:84200966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337863)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bildnewl.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337863/; classtype:trojan-activity;sid:84200963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337864)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2r61ahry.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337864/; classtype:trojan-activity;sid:84200964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337865)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/30072024.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337865/; classtype:trojan-activity;sid:84200965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337862)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/88851n80.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337862/; classtype:trojan-activity;sid:84200962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337861)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5447jsx.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337861/; classtype:trojan-activity;sid:84200961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337860)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/18ijuw13.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337860/; classtype:trojan-activity;sid:84200960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337858)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/99awhy8l.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337858/; classtype:trojan-activity;sid:84200958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337859)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/4ck3rr.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337859/; classtype:trojan-activity;sid:84200959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337854)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/23c2343.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337854/; classtype:trojan-activity;sid:84200954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337855)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/343dsxs.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337855/; classtype:trojan-activity;sid:84200955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337856)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5_6190317556063017550.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337856/; classtype:trojan-activity;sid:84200956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337857)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3544436.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337857/; classtype:trojan-activity;sid:84200957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337853)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/amadey.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337853/; classtype:trojan-activity;sid:84200953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337851)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5gevcp8z.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337851/; classtype:trojan-activity;sid:84200951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337852)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/anticheat.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337852/; classtype:trojan-activity;sid:84200952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337850)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5_6253708004881862888.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337850/; classtype:trojan-activity;sid:84200950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337847)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/88aext0k.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337847/; classtype:trojan-activity;sid:84200947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337848)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/25072023.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337848/; classtype:trojan-activity;sid:84200948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337849)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/87f3f2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337849/; classtype:trojan-activity;sid:84200949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337846)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/1.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337846/; classtype:trojan-activity;sid:84200946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337844)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ai2.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337844/; classtype:trojan-activity;sid:84200944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337845)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5knchalah.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337845/; classtype:trojan-activity;sid:84200945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337842)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/6nteyex7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337842/; classtype:trojan-activity;sid:84200942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337843)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/splwow64_1.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337843/; classtype:trojan-activity;sid:84200943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337841)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bandwidth_monitor.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337841/; classtype:trojan-activity;sid:84200941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337839)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/0b44ippu.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337839/; classtype:trojan-activity;sid:84200939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337840)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/annesalt.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337840/; classtype:trojan-activity;sid:84200940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337838)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/armadegon.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337838/; classtype:trojan-activity;sid:84200938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337832)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/armanivenntii_crypted_easy.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337832/; classtype:trojan-activity;sid:84200932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337833)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/baddstore.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337833/; classtype:trojan-activity;sid:84200933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337834)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337834/; classtype:trojan-activity;sid:84200934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337835)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/7cl16anh.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337835/; classtype:trojan-activity;sid:84200935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337836)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337836/; classtype:trojan-activity;sid:84200936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337829)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/06082025.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337829/; classtype:trojan-activity;sid:84200929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337830)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/12.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337830/; classtype:trojan-activity;sid:84200930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337831)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/300.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337831/; classtype:trojan-activity;sid:84200931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337825)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/123.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337825/; classtype:trojan-activity;sid:84200925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337826)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build_2024-07-24_23-16.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337826/; classtype:trojan-activity;sid:84200926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337827)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/splwow64.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337827/; classtype:trojan-activity;sid:84200927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337828)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/14082024.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337828/; classtype:trojan-activity;sid:84200928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337823)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build_2024-07-27_00-41.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337823/; classtype:trojan-activity;sid:84200923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337824)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/4434.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337824/; classtype:trojan-activity;sid:84200924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337822)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build_2024-07-25_20-56.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337822/; classtype:trojan-activity;sid:84200922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337821)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/processclass.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337821/; classtype:trojan-activity;sid:84200921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337820)"; flow:established,from_client; content:"GET"; http_method; content:"/well/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337820/; classtype:trojan-activity;sid:84200920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337794)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/f/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337794/; classtype:trojan-activity;sid:84200894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337795)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/c/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337795/; classtype:trojan-activity;sid:84200895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337796)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/u/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337796/; classtype:trojan-activity;sid:84200896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337797)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/i/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337797/; classtype:trojan-activity;sid:84200897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.55.98.253"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337653/; classtype:trojan-activity;sid:84200753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.55.98.253"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337649/; classtype:trojan-activity;sid:84200749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.150.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337279/; classtype:trojan-activity;sid:84200379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337209)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.88.242.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337209/; classtype:trojan-activity;sid:84200309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337035)"; flow:established,from_client; content:"GET"; http_method; content:"/rahmoundll/kak/main/glew64.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337035/; classtype:trojan-activity;sid:84200135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337026)"; flow:established,from_client; content:"GET"; http_method; content:"/nkaslq1/ankrnl/refs/heads/main/alphatweaks.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337026/; classtype:trojan-activity;sid:84200126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337032)"; flow:established,from_client; content:"GET"; http_method; content:"/haa15/driver-shitty/main/kdmapper_release.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337032/; classtype:trojan-activity;sid:84200132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337022)"; flow:established,from_client; content:"GET"; http_method; content:"/avevasion.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"158.101.196.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337022/; classtype:trojan-activity;sid:84200122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337024)"; flow:established,from_client; content:"GET"; http_method; content:"/execute.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"158.101.196.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337024/; classtype:trojan-activity;sid:84200124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337015)"; flow:established,from_client; content:"GET"; http_method; content:"/v0lt/virtualdub2/releases/download/2.1.3/virtualdub2_v2.1.3.667_win32.7z"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337015/; classtype:trojan-activity;sid:84200115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337012)"; flow:established,from_client; content:"GET"; http_method; content:"/cgmb/update.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337012/; classtype:trojan-activity;sid:84200112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337009)"; flow:established,from_client; content:"GET"; http_method; content:"/titan3/us/world/titan.w1.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.pharorg.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337009/; classtype:trojan-activity;sid:84200109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337008)"; flow:established,from_client; content:"GET"; http_method; content:"/uploadvltt/autokeoxe.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"quanly.jxmienphi.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337008/; classtype:trojan-activity;sid:84200108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337007)"; flow:established,from_client; content:"GET"; http_method; content:"/autoupdate.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"lsks.volamngayxua.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337007/; classtype:trojan-activity;sid:84200107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337004)"; flow:established,from_client; content:"GET"; http_method; content:"/skibidixelaina/wuselaina/raw/refs/heads/main/build.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337004/; classtype:trojan-activity;sid:84200104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336992)"; flow:established,from_client; content:"GET"; http_method; content:"/keygroup777-ransomware/downloader/refs/heads/main/taskmoder.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336992/; classtype:trojan-activity;sid:84200092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336993)"; flow:established,from_client; content:"GET"; http_method; content:"/z-beam/movaflag/releases/download/1.0.2/mova.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336993/; classtype:trojan-activity;sid:84200093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336990)"; flow:established,from_client; content:"GET"; http_method; content:"/keygroup777-ransomware/downloader/refs/heads/main/cssgo.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336990/; classtype:trojan-activity;sid:84200090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336987)"; flow:established,from_client; content:"GET"; http_method; content:"/net/boot.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"quanlyphongnet.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336987/; classtype:trojan-activity;sid:84200087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336982)"; flow:established,from_client; content:"GET"; http_method; content:"/b6fab9a8-3dab-4bf8-a2cb-b955b0c00ce8-11f44531fb088d31307d87b01e8eabff.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"files-ld.s3.us-east-2.amazonaws.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336982/; classtype:trojan-activity;sid:84200082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336983)"; flow:established,from_client; content:"GET"; http_method; content:"/keygroup777-ransomware/downloader/raw/refs/heads/main/black.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336983/; classtype:trojan-activity;sid:84200083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.88.242.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336469/; classtype:trojan-activity;sid:84199569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.55.98.253"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336291/; classtype:trojan-activity;sid:84199391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336275)"; flow:established,from_client; content:"GET"; http_method; content:"/leetspoofer.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.141.26.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336275/; classtype:trojan-activity;sid:84199375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336095)"; flow:established,from_client; content:"GET"; http_method; content:"/stubgenerator/stub/main/stub.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336095/; classtype:trojan-activity;sid:84199195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336094)"; flow:established,from_client; content:"GET"; http_method; content:"/xacker-volk/justmyrat/main/stub.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336094/; classtype:trojan-activity;sid:84199194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336092)"; flow:established,from_client; content:"GET"; http_method; content:"/monkeyrizz/stub/refs/heads/main/stub.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336092/; classtype:trojan-activity;sid:84199192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336077)"; flow:established,from_client; content:"GET"; http_method; content:"/nikolaevich23/make-pkg-bat/master/setup.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336077/; classtype:trojan-activity;sid:84199177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336072)"; flow:established,from_client; content:"GET"; http_method; content:"/eirxne/valorant-axeprime/main/axeprime.dll"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336072/; classtype:trojan-activity;sid:84199172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336068)"; flow:established,from_client; content:"GET"; http_method; content:"/stephenfewer/reflectivedllinjection/refs/heads/master/bin/reflective_dll.dll"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336068/; classtype:trojan-activity;sid:84199168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336060)"; flow:established,from_client; content:"GET"; http_method; content:"/snake/hack.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dangtienluc.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336060/; classtype:trojan-activity;sid:84199160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336058)"; flow:established,from_client; content:"GET"; http_method; content:"/anessdev/talha/main/talha.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336058/; classtype:trojan-activity;sid:84199158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336049)"; flow:established,from_client; content:"GET"; http_method; content:"/sqrtzeroknowledge/xworm-trojan/zip/refs/heads/main"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336049/; classtype:trojan-activity;sid:84199149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336050)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/refs/heads/main/dllyide.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336050/; classtype:trojan-activity;sid:84199150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336046)"; flow:established,from_client; content:"GET"; http_method; content:"/peszok/xworm-remote-access-tool/main/xworm.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336046/; classtype:trojan-activity;sid:84199146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335208)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/master/rage.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335208/; classtype:trojan-activity;sid:84198308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335199)"; flow:established,from_client; content:"GET"; http_method; content:"/phm/brive/recepisse/202403/10/doc2lgpu2jwfets.tif"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"195.101.213.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335199/; classtype:trojan-activity;sid:84198299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335200)"; flow:established,from_client; content:"GET"; http_method; content:"/phm/distrimobile/recepisse/202407/30/fuss983_20240725_150732.tif"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"195.101.213.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335200/; classtype:trojan-activity;sid:84198300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335175)"; flow:established,from_client; content:"GET"; http_method; content:"/infectsocks32_sql_antivirus.vmp.dll"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335175/; classtype:trojan-activity;sid:84198275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335174)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowforce2008_64_add.vmp.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335174/; classtype:trojan-activity;sid:84198274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335173)"; flow:established,from_client; content:"GET"; http_method; content:"/infectsocks64_sql_antivirus.vmp.dll"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335173/; classtype:trojan-activity;sid:84198273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335166)"; flow:established,from_client; content:"GET"; http_method; content:"/upm2008.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335166/; classtype:trojan-activity;sid:84198266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335156)"; flow:established,from_client; content:"GET"; http_method; content:"/ndisinstaller3.2.32.1.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335156/; classtype:trojan-activity;sid:84198256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335149)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/2018-11/20181122103207926164.doc"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"xww.bucea.edu.cn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335149/; classtype:trojan-activity;sid:84198249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335154)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335154/; classtype:trojan-activity;sid:84198254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335147)"; flow:established,from_client; content:"GET"; http_method; content:"/iatinfect2008_64.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335147/; classtype:trojan-activity;sid:84198247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335141)"; flow:established,from_client; content:"GET"; http_method; content:"/winsetaccess64.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335141/; classtype:trojan-activity;sid:84198241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335142)"; flow:established,from_client; content:"GET"; http_method; content:"/net/run.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"quanlyphongnet.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335142/; classtype:trojan-activity;sid:84198242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335135)"; flow:established,from_client; content:"GET"; http_method; content:"/writedat.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335135/; classtype:trojan-activity;sid:84198235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335136)"; flow:established,from_client; content:"GET"; http_method; content:"/mport.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335136/; classtype:trojan-activity;sid:84198236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335134)"; flow:established,from_client; content:"GET"; http_method; content:"/iland.dat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335134/; classtype:trojan-activity;sid:84198234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335132)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335132/; classtype:trojan-activity;sid:84198232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335119)"; flow:established,from_client; content:"GET"; http_method; content:"/mytime/files/3.3.7.0/mytime.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"down.ruanmei.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335119/; classtype:trojan-activity;sid:84198219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335118)"; flow:established,from_client; content:"GET"; http_method; content:"/cg70/update.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335118/; classtype:trojan-activity;sid:84198218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335111)"; flow:established,from_client; content:"GET"; http_method; content:"/s7vctk/patchgame/_autovlbs19_new/trainjx2.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"gachetroi.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335111/; classtype:trojan-activity;sid:84198211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335096)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/closed_957176_mxqsdoj6a4iz/close_warehouse/ql55hnq09iyn6lm_334stxvw03wyv/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335096/; classtype:trojan-activity;sid:84198196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335094)"; flow:established,from_client; content:"GET"; http_method; content:"/misc/tools/exporttabletester.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ximonite.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335094/; classtype:trojan-activity;sid:84198194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335074)"; flow:established,from_client; content:"GET"; http_method; content:"/_upload/article/files/90/f4/62d98f264ab0abc4a1f14a32607a/089c9dc1-8248-47b5-b35d-310cd70469b4.doc"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"hhbs.hhu.edu.cn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335074/; classtype:trojan-activity;sid:84198174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335073)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/453903/wqc7f5s8lhm8mu0clzhwbl3lp|3f|token=eyjhbgcioijkaxiilcjlbmmioijbmti4q0jdluhtmju2in0..kok-c08tg1sb0rkwxyurvg.7ptb2bey9etqrwrfe3gvzgp-gdctw-nokzbirrowi-iwjtdmjfntorattitqom-5eqrbhzpurovcmmmjxks4knjpxbahy0bahdwidwtu6cuucpoigdw4l9jv2px7wsngjqoqp_dy8fpl_1z6j2no0z_rrawi5g3dj3vggkr-wcthkncz5a8o6febbffjiyc7oij5okn6o4janis5qd7btxoqqitdsic5s2bduud6ozsfsdjsc54szpt2gg4zgz8iuag3pv4apwyt_eo-owc_8q.o9d2owtjtv0voyqxis2afq"; http_uri; depth:427; isdataat:!1,relative; nocase; content:"p20.zdusercontent.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335073/; classtype:trojan-activity;sid:84198173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333897)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.dbg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333897/; classtype:trojan-activity;sid:84196997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333896)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333896/; classtype:trojan-activity;sid:84196996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333895)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333895/; classtype:trojan-activity;sid:84196995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333657)"; flow:established,from_client; content:"GET"; http_method; content:"/namblack666/zxqqw/refs/heads/main/main.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333657/; classtype:trojan-activity;sid:84196757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333658)"; flow:established,from_client; content:"GET"; http_method; content:"/namblack666/zxqqw/refs/heads/main/main1.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333658/; classtype:trojan-activity;sid:84196758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333656)"; flow:established,from_client; content:"GET"; http_method; content:"/nam-black/moneyandbitch/refs/heads/main/main1.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333656/; classtype:trojan-activity;sid:84196756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333651)"; flow:established,from_client; content:"GET"; http_method; content:"/nam-black/moneyandbitch/raw/refs/heads/main/main1.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333651/; classtype:trojan-activity;sid:84196751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333650)"; flow:established,from_client; content:"GET"; http_method; content:"/hillbertdev/insertnamehere/raw/main/2.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333650/; classtype:trojan-activity;sid:84196750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333649)"; flow:established,from_client; content:"GET"; http_method; content:"/hillbertdev/insertnamehere/raw/main/3.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333649/; classtype:trojan-activity;sid:84196749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333648)"; flow:established,from_client; content:"GET"; http_method; content:"/hillbertdev/insertnamehere/raw/main/4.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333648/; classtype:trojan-activity;sid:84196748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333647)"; flow:established,from_client; content:"GET"; http_method; content:"/hillbertdev/insertnamehere/raw/main/5.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333647/; classtype:trojan-activity;sid:84196747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333527)"; flow:established,from_client; content:"GET"; http_method; content:"/apk/pthlearning.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"chinaapper.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333527/; classtype:trojan-activity;sid:84196627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333524)"; flow:established,from_client; content:"GET"; http_method; content:"/cuahangcamera/yoosee/zip/refs/tags/1.0.0.54"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333524/; classtype:trojan-activity;sid:84196624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333522)"; flow:established,from_client; content:"GET"; http_method; content:"/azertyuiopexe/fud-crypter/zip/refs/heads/main"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333522/; classtype:trojan-activity;sid:84196622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333521)"; flow:established,from_client; content:"GET"; http_method; content:"/joh81/exploi01/main/document.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333521/; classtype:trojan-activity;sid:84196621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333518)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.8"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333518/; classtype:trojan-activity;sid:84196618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333515)"; flow:established,from_client; content:"GET"; http_method; content:"/0xrose/rose-stealer_old/zip/refs/heads/main"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333515/; classtype:trojan-activity;sid:84196615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333513)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.10"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333513/; classtype:trojan-activity;sid:84196613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333514)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.3"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333514/; classtype:trojan-activity;sid:84196614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333511)"; flow:established,from_client; content:"GET"; http_method; content:"/hwangyounggul33/windows10/refs/heads/main/privacypolicy.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333511/; classtype:trojan-activity;sid:84196611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333509)"; flow:established,from_client; content:"GET"; http_method; content:"/caocaocc/yacd/zip/refs/heads/gh-pages"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333509/; classtype:trojan-activity;sid:84196609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333510)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9.2"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333510/; classtype:trojan-activity;sid:84196610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333507)"; flow:established,from_client; content:"GET"; http_method; content:"/lokelo1488/ss11/refs/heads/main/xdd.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333507/; classtype:trojan-activity;sid:84196607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333508)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.11"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333508/; classtype:trojan-activity;sid:84196608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333505)"; flow:established,from_client; content:"GET"; http_method; content:"/692-ez/ratta/refs/heads/main/svchost.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333505/; classtype:trojan-activity;sid:84196605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333504)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/main/x86_64"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333504/; classtype:trojan-activity;sid:84196604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333499)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/refs/heads/main/agentnov.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333499/; classtype:trojan-activity;sid:84196599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333502)"; flow:established,from_client; content:"GET"; http_method; content:"/cirosantilli/china-dictatorship/zip/refs/heads/master"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333502/; classtype:trojan-activity;sid:84196602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333503)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.zip/refs/tags/0.8.1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333503/; classtype:trojan-activity;sid:84196603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333495)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.5"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333495/; classtype:trojan-activity;sid:84196595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333496)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.7"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333496/; classtype:trojan-activity;sid:84196596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333497)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/main/wefhrf.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333497/; classtype:trojan-activity;sid:84196597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333493)"; flow:established,from_client; content:"GET"; http_method; content:"/d-7uble/invoke-phant0m/zip/refs/heads/master"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333493/; classtype:trojan-activity;sid:84196593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333494)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.zip/refs/tags/0.7.1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333494/; classtype:trojan-activity;sid:84196594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333491)"; flow:established,from_client; content:"GET"; http_method; content:"/anonyketa/exm-tweaking-utility-premium/zip/refs/heads/main"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333491/; classtype:trojan-activity;sid:84196591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333489)"; flow:established,from_client; content:"GET"; http_method; content:"/54n4l/mimikatzwindows/zip/refs/heads/master"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333489/; classtype:trojan-activity;sid:84196589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333485)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333485/; classtype:trojan-activity;sid:84196585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333482)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9.1"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333482/; classtype:trojan-activity;sid:84196582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333481)"; flow:established,from_client; content:"GET"; http_method; content:"/crowly-ai/hello-world/refs/heads/main/zubovlekciya.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333481/; classtype:trojan-activity;sid:84196581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333479)"; flow:established,from_client; content:"GET"; http_method; content:"/heresfilly09-9/fornova/main/svchost.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333479/; classtype:trojan-activity;sid:84196579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333476)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/main/mpsl"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333476/; classtype:trojan-activity;sid:84196576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333473)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/refs/heads/main/ktyhpldea.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333473/; classtype:trojan-activity;sid:84196573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333470)"; flow:established,from_client; content:"GET"; http_method; content:"/bloodhoundad/bloodhound/master/collectors/sharphound.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333470/; classtype:trojan-activity;sid:84196570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333458)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/calendar/setup.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ojang.pe.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333458/; classtype:trojan-activity;sid:84196558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333457)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/calendar.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ojang.pe.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333457/; classtype:trojan-activity;sid:84196557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333456)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/jeditor/jeditor.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"ojang.pe.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333456/; classtype:trojan-activity;sid:84196556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333439)"; flow:established,from_client; content:"GET"; http_method; content:"/ytisf/thezoo/refs/heads/master/malware/binaries/ransomware.wannacry/ransomware.wannacry.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333439/; classtype:trojan-activity;sid:84196539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333435)"; flow:established,from_client; content:"GET"; http_method; content:"/newlog/exploiting/refs/heads/master/training/windows/practical_malware_analysis/labs/chapter_1l/lab01-02.exe"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333435/; classtype:trojan-activity;sid:84196535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333370)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/main/play.bin"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333370/; classtype:trojan-activity;sid:84196470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333368)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/refs/heads/main/my.bin"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333368/; classtype:trojan-activity;sid:84196468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333369)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/donut.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333369/; classtype:trojan-activity;sid:84196469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333362)"; flow:established,from_client; content:"GET"; http_method; content:"/llq.rar"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xingpai.weilay.com.cn"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333362/; classtype:trojan-activity;sid:84196462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333359)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333359/; classtype:trojan-activity;sid:84196459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333355)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333355/; classtype:trojan-activity;sid:84196455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333357)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333357/; classtype:trojan-activity;sid:84196457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333347)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/main/play.bin"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333347/; classtype:trojan-activity;sid:84196447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333350)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/raw/master/donut.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333350/; classtype:trojan-activity;sid:84196450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333351)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333351/; classtype:trojan-activity;sid:84196451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333352)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333352/; classtype:trojan-activity;sid:84196452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333353)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333353/; classtype:trojan-activity;sid:84196453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333343)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333343/; classtype:trojan-activity;sid:84196443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333340)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/my.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333340/; classtype:trojan-activity;sid:84196440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333322)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333322/; classtype:trojan-activity;sid:84196422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333321)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17793058/lg246dre.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333321/; classtype:trojan-activity;sid:84196421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333316)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333316/; classtype:trojan-activity;sid:84196416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333317)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333317/; classtype:trojan-activity;sid:84196417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332958)"; flow:established,from_client; content:"GET"; http_method; content:"/kidxnox/image-logger/refs/heads/main/image%20logger.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332958/; classtype:trojan-activity;sid:84196058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332960)"; flow:established,from_client; content:"GET"; http_method; content:"/earthsetup/firtshopacc/main/tcp.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332960/; classtype:trojan-activity;sid:84196060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332942)"; flow:established,from_client; content:"GET"; http_method; content:"/darkneonglitch/prooes/refs/heads/main/sync.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332942/; classtype:trojan-activity;sid:84196042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332925)"; flow:established,from_client; content:"GET"; http_method; content:"/kidxnox/image-logger/raw/refs/heads/main/image%20logger.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332925/; classtype:trojan-activity;sid:84196025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332920)"; flow:established,from_client; content:"GET"; http_method; content:"/darkneonglitch/prooes/raw/refs/heads/main/sync.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332920/; classtype:trojan-activity;sid:84196020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332902)"; flow:established,from_client; content:"GET"; http_method; content:"/rviance/ubiquitous-fortnight/releases/download/toolwin/toolwin.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332902/; classtype:trojan-activity;sid:84196002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332844)"; flow:established,from_client; content:"GET"; http_method; content:"/get/19f3c14691d28ab174a7935987ce2182/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"loader.oxy.st"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332844/; classtype:trojan-activity;sid:84195944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332833)"; flow:established,from_client; content:"GET"; http_method; content:"/trafunny/malware-file/refs/heads/main/crack.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332833/; classtype:trojan-activity;sid:84195933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332792)"; flow:established,from_client; content:"GET"; http_method; content:"/noccenter/noccenter/refs/heads/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332792/; classtype:trojan-activity;sid:84195892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332789)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon_x64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332789/; classtype:trojan-activity;sid:84195889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332783)"; flow:established,from_client; content:"GET"; http_method; content:"/noccenter/noccenter/raw/refs/heads/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332783/; classtype:trojan-activity;sid:84195883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332780)"; flow:established,from_client; content:"GET"; http_method; content:"/baksvoronov/testingflrplgpreg/raw/refs/heads/main/connector1.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332780/; classtype:trojan-activity;sid:84195880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332770)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/refs/heads/main/hbfgjhhesfd.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332770/; classtype:trojan-activity;sid:84195870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332771)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/main/critscript.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332771/; classtype:trojan-activity;sid:84195871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332764)"; flow:established,from_client; content:"GET"; http_method; content:"/mae-luadev/mae-tests/main/system.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332764/; classtype:trojan-activity;sid:84195864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332765)"; flow:established,from_client; content:"GET"; http_method; content:"/apoxyies/deeneme/refs/heads/main/runtimebroker.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332765/; classtype:trojan-activity;sid:84195865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332766)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/main/1434orz.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332766/; classtype:trojan-activity;sid:84195866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332762)"; flow:established,from_client; content:"GET"; http_method; content:"/trafunny/malware-file/refs/heads/main/njrat.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332762/; classtype:trojan-activity;sid:84195862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332763)"; flow:established,from_client; content:"GET"; http_method; content:"/anonam0369/am/refs/heads/main/runtimebroker.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332763/; classtype:trojan-activity;sid:84195863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332761)"; flow:established,from_client; content:"GET"; http_method; content:"/yuriksq/papilla/refs/heads/main/jrockekcurje.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332761/; classtype:trojan-activity;sid:84195861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332757)"; flow:established,from_client; content:"GET"; http_method; content:"/mae-luadev/mae-tests/raw/main/system.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332757/; classtype:trojan-activity;sid:84195857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332758)"; flow:established,from_client; content:"GET"; http_method; content:"/mohammedsalmannnnnnn/laughing-train/refs/heads/main/client-built.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332758/; classtype:trojan-activity;sid:84195858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332759)"; flow:established,from_client; content:"GET"; http_method; content:"/anonam0369/am/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332759/; classtype:trojan-activity;sid:84195859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332753)"; flow:established,from_client; content:"GET"; http_method; content:"/mohammedsalmannnnnnn/laughing-train/raw/refs/heads/main/client-built.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332753/; classtype:trojan-activity;sid:84195853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332754)"; flow:established,from_client; content:"GET"; http_method; content:"/apoxyies/deeneme/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332754/; classtype:trojan-activity;sid:84195854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332755)"; flow:established,from_client; content:"GET"; http_method; content:"/nakuss/dwdwadwa/raw/main/client-built.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332755/; classtype:trojan-activity;sid:84195855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332756)"; flow:established,from_client; content:"GET"; http_method; content:"/azurerex/napewnonievoiderhook/raw/main/seksiak.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332756/; classtype:trojan-activity;sid:84195856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332752)"; flow:established,from_client; content:"GET"; http_method; content:"/waynesson/rocitizens/raw/refs/heads/main/client-built.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332752/; classtype:trojan-activity;sid:84195852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332751)"; flow:established,from_client; content:"GET"; http_method; content:"/yuriksq/papilla/raw/refs/heads/main/jrockekcurje.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332751/; classtype:trojan-activity;sid:84195851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332746)"; flow:established,from_client; content:"GET"; http_method; content:"/akumaheo/heoe/refs/heads/main/heo.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332746/; classtype:trojan-activity;sid:84195846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332747)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/osiris/raw/refs/heads/main/2klz.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332747/; classtype:trojan-activity;sid:84195847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332668)"; flow:established,from_client; content:"GET"; http_method; content:"/akumaheo/heoe/raw/refs/heads/main/heo.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332668/; classtype:trojan-activity;sid:84195768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332595)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64xxxx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332595/; classtype:trojan-activity;sid:84195695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332596)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_386xxx"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332596/; classtype:trojan-activity;sid:84195696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331919)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/opyhjdase.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331919/; classtype:trojan-activity;sid:84195019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331903)"; flow:established,from_client; content:"GET"; http_method; content:"/transfer-https.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331903/; classtype:trojan-activity;sid:84195003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331907)"; flow:established,from_client; content:"GET"; http_method; content:"/transfer-http.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331907/; classtype:trojan-activity;sid:84195007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331891)"; flow:established,from_client; content:"GET"; http_method; content:"/cisco.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331891/; classtype:trojan-activity;sid:84194991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331892)"; flow:established,from_client; content:"GET"; http_method; content:"/cisnsatest.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331892/; classtype:trojan-activity;sid:84194992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331862)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/popapoers.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331862/; classtype:trojan-activity;sid:84194962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331858)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/ljgksdtihd.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331858/; classtype:trojan-activity;sid:84194958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331850)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/pfntjejghjsdkr.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331850/; classtype:trojan-activity;sid:84194950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331843)"; flow:established,from_client; content:"GET"; http_method; content:"/transfer.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331843/; classtype:trojan-activity;sid:84194943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331828)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/vikings.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331828/; classtype:trojan-activity;sid:84194928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331826)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/bnkrigkawd.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331826/; classtype:trojan-activity;sid:84194926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331814)"; flow:established,from_client; content:"GET"; http_method; content:"/transfer-http.vbs"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331814/; classtype:trojan-activity;sid:84194914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331719)"; flow:established,from_client; content:"GET"; http_method; content:"/tutithuybi123/-/main/client-built.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331719/; classtype:trojan-activity;sid:84194819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331716)"; flow:established,from_client; content:"GET"; http_method; content:"/files/_k150nfjy5/download/file.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"api.hostize.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331716/; classtype:trojan-activity;sid:84194816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331713)"; flow:established,from_client; content:"GET"; http_method; content:"/kompass-4.1.2.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"80.76.51.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331713/; classtype:trojan-activity;sid:84194813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331712)"; flow:established,from_client; content:"GET"; http_method; content:"/nakuss/dwdwadwa/main/client-built.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331712/; classtype:trojan-activity;sid:84194812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331711)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/main/client-built.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331711/; classtype:trojan-activity;sid:84194811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331708)"; flow:established,from_client; content:"GET"; http_method; content:"/therealastro666/lolz/main/client-built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331708/; classtype:trojan-activity;sid:84194808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331709)"; flow:established,from_client; content:"GET"; http_method; content:"/faokun1/aaa/main/client-built.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331709/; classtype:trojan-activity;sid:84194809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331707)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/main/client-built.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331707/; classtype:trojan-activity;sid:84194807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331705)"; flow:established,from_client; content:"GET"; http_method; content:"/biseo0/neue/main/client-built.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331705/; classtype:trojan-activity;sid:84194805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331697)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/main/client-built.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331697/; classtype:trojan-activity;sid:84194797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331698)"; flow:established,from_client; content:"GET"; http_method; content:"/manyak-cmd/a/main/a/client-built.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331698/; classtype:trojan-activity;sid:84194798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331699)"; flow:established,from_client; content:"GET"; http_method; content:"/frenzy-zwaake/discordrat-2.0/main/client-built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331699/; classtype:trojan-activity;sid:84194799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331696)"; flow:established,from_client; content:"GET"; http_method; content:"/adammmikso/wu/main/client-built.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331696/; classtype:trojan-activity;sid:84194796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331694)"; flow:established,from_client; content:"GET"; http_method; content:"/m4hvh2/dwadwa/main/client-built.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331694/; classtype:trojan-activity;sid:84194794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331691)"; flow:established,from_client; content:"GET"; http_method; content:"/15f869479d73f92a/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"91.215.85.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331691/; classtype:trojan-activity;sid:84194791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331690)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/image/scragglingijsw.ps1"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"clubedasluluzinhasro.com.br"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331690/; classtype:trojan-activity;sid:84194790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331675)"; flow:established,from_client; content:"GET"; http_method; content:"/api/aq_course/app/v2/course/addstudylog/client_built.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"agapi.cqjjb.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331675/; classtype:trojan-activity;sid:84194775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331669)"; flow:established,from_client; content:"GET"; http_method; content:"/fofit-rater/1/refs/heads/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331669/; classtype:trojan-activity;sid:84194769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331670)"; flow:established,from_client; content:"GET"; http_method; content:"/efedursun125/xfakeplayers/master/xclient.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331670/; classtype:trojan-activity;sid:84194770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331672)"; flow:established,from_client; content:"GET"; http_method; content:"/evil-d-e-v/m/refs/heads/main/xclient.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331672/; classtype:trojan-activity;sid:84194772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331665)"; flow:established,from_client; content:"GET"; http_method; content:"/abhidadatg/worm/refs/heads/main/xclient.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331665/; classtype:trojan-activity;sid:84194765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331667)"; flow:established,from_client; content:"GET"; http_method; content:"/u6iko/do5a/main/xclient.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331667/; classtype:trojan-activity;sid:84194767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331661)"; flow:established,from_client; content:"GET"; http_method; content:"/blazedbottle/rat/raw/main/client-built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331661/; classtype:trojan-activity;sid:84194761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331653)"; flow:established,from_client; content:"GET"; http_method; content:"/zonicleaks/yappadabbadoo/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331653/; classtype:trojan-activity;sid:84194753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331648)"; flow:established,from_client; content:"GET"; http_method; content:"/jikoos/rrr/main/xclient.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331648/; classtype:trojan-activity;sid:84194748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331644)"; flow:established,from_client; content:"GET"; http_method; content:"/lvlh01am/wrwrwr/main/xclient.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331644/; classtype:trojan-activity;sid:84194744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331643)"; flow:established,from_client; content:"GET"; http_method; content:"/lvlh01am/adad/main/xclient.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331643/; classtype:trojan-activity;sid:84194743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331638)"; flow:established,from_client; content:"GET"; http_method; content:"/lohoainam/-at/main/xclient.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331638/; classtype:trojan-activity;sid:84194738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331639)"; flow:established,from_client; content:"GET"; http_method; content:"/frenzy-zwaake/discordrat-2.0/deferred-metadata/main/client-built.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331639/; classtype:trojan-activity;sid:84194739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331640)"; flow:established,from_client; content:"GET"; http_method; content:"/whois-black/qew123/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331640/; classtype:trojan-activity;sid:84194740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331637)"; flow:established,from_client; content:"GET"; http_method; content:"/goldhourse/optimizer/main/xclient.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331637/; classtype:trojan-activity;sid:84194737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331636)"; flow:established,from_client; content:"GET"; http_method; content:"/paco321312312/cautious-sniffle/main/xclient.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331636/; classtype:trojan-activity;sid:84194736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331631)"; flow:established,from_client; content:"GET"; http_method; content:"/xclient543/miniature-tribble/main/xclient.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331631/; classtype:trojan-activity;sid:84194731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331633)"; flow:established,from_client; content:"GET"; http_method; content:"/joeljosephpajeet/testexe/refs/heads/main/xclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331633/; classtype:trojan-activity;sid:84194733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331628)"; flow:established,from_client; content:"GET"; http_method; content:"/lvlh01am/fsfsf/main/xclient.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331628/; classtype:trojan-activity;sid:84194728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331630)"; flow:established,from_client; content:"GET"; http_method; content:"/cheetz/nishang/master/gather/keylogger.ps1"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331630/; classtype:trojan-activity;sid:84194730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331588)"; flow:established,from_client; content:"GET"; http_method; content:"/cookieskush/pip-package-template/master/client-built.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331588/; classtype:trojan-activity;sid:84194688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331578)"; flow:established,from_client; content:"GET"; http_method; content:"/waynesson/rocitizens/refs/heads/main/client-built.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331578/; classtype:trojan-activity;sid:84194678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331577)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/main/client-built.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331577/; classtype:trojan-activity;sid:84194677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331574)"; flow:established,from_client; content:"GET"; http_method; content:"/efedursun125/xfakeplayers/refs/heads/master/xclient.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331574/; classtype:trojan-activity;sid:84194674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331571)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/image/scragglingijsw.ps1"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"www.clubedasluluzinhasro.com.br"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331571/; classtype:trojan-activity;sid:84194671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331544)"; flow:established,from_client; content:"GET"; http_method; content:"/travel/1.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"nabawitransport.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331544/; classtype:trojan-activity;sid:84194644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331536)"; flow:established,from_client; content:"GET"; http_method; content:"/remittance//payment_advice.ps1"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"azgint.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331536/; classtype:trojan-activity;sid:84194636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331501)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=10wux24m2koxctzbcelr2d3t8tyb8y6dq"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331501/; classtype:trojan-activity;sid:84194601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331502)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1unu9ydyxvbsgdas_xzewlzcaiv6o_qdt"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331502/; classtype:trojan-activity;sid:84194602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331503)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1b3mrgxuzwdg46exhp6a71yeymlvrmabx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331503/; classtype:trojan-activity;sid:84194603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331506)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nvsn7w4epo6u8ru3bheum2fygvbg6fh4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331506/; classtype:trojan-activity;sid:84194606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331489)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1-wql_iua-mylu2kiuyz-ib-5ggjqjqqp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331489/; classtype:trojan-activity;sid:84194589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331487)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/decqq-cf20a.appspot.com/o/donchifile_vchfujk91.bin|3f|alt=media|7c|26|7c|token=c2737a65-ff1c-436c-a6f0-11d3a748f62f"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331487/; classtype:trojan-activity;sid:84194587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331466)"; flow:established,from_client; content:"GET"; http_method; content:"/mzmtrpwoe113eelxn/plugins/cred.dll"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"185.208.158.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331466/; classtype:trojan-activity;sid:84194566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331457)"; flow:established,from_client; content:"GET"; http_method; content:"/mzmtrpwoe113eelxn/plugins/clip.dll"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"185.208.158.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331457/; classtype:trojan-activity;sid:84194557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331458)"; flow:established,from_client; content:"GET"; http_method; content:"/mzmtrpwoe113eelxn/plugins/clip64.dll"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"185.208.158.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331458/; classtype:trojan-activity;sid:84194558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331459)"; flow:established,from_client; content:"GET"; http_method; content:"/mzmtrpwoe113eelxn/plugins/cred64.dll"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"185.208.158.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331459/; classtype:trojan-activity;sid:84194559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320140)"; flow:established,from_client; content:"GET"; http_method; content:"/spim"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3320140/; classtype:trojan-activity;sid:84183240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319975)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/bothg/releases/download/das/start.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319975/; classtype:trojan-activity;sid:84183075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319973)"; flow:established,from_client; content:"GET"; http_method; content:"/vipek1990/napewnonievoiderhook/raw/main/seksiak.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319973/; classtype:trojan-activity;sid:84183073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319675)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.36.117.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319675/; classtype:trojan-activity;sid:84182775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319642)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.114.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319642/; classtype:trojan-activity;sid:84182742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318665)"; flow:established,from_client; content:"GET"; http_method; content:"/xbcer4er3/ginny"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"fundrescuetech.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318665/; classtype:trojan-activity;sid:84181765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318666)"; flow:established,from_client; content:"GET"; http_method; content:"/xbcer4er3/pikachu"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fundrescuetech.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318666/; classtype:trojan-activity;sid:84181766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318670)"; flow:established,from_client; content:"GET"; http_method; content:"/nonadoc/nonadoc/releases/download/defi_prive/anketa_miner"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318670/; classtype:trojan-activity;sid:84181770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318663)"; flow:established,from_client; content:"GET"; http_method; content:"/xbcer4er3/hotline"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fundrescuetech.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318663/; classtype:trojan-activity;sid:84181763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318664)"; flow:established,from_client; content:"GET"; http_method; content:"/xbcer4er3/sonic"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"fundrescuetech.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318664/; classtype:trojan-activity;sid:84181764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318622)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.57.230.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318622/; classtype:trojan-activity;sid:84181722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318596)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"44.193.202.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318596/; classtype:trojan-activity;sid:84181696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318593)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.60.182.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318593/; classtype:trojan-activity;sid:84181693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318591)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.158.37.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318591/; classtype:trojan-activity;sid:84181691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318589)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.130.24.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318589/; classtype:trojan-activity;sid:84181689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318579)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.130.24.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318579/; classtype:trojan-activity;sid:84181679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318580)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.39.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318580/; classtype:trojan-activity;sid:84181680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318575)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.91.125.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318575/; classtype:trojan-activity;sid:84181675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318571)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"35.196.251.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318571/; classtype:trojan-activity;sid:84181671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318551)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.154.18.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318551/; classtype:trojan-activity;sid:84181651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318531)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.138.27.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318531/; classtype:trojan-activity;sid:84181631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318527)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.107.136.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318527/; classtype:trojan-activity;sid:84181627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318529)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.149.128.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318529/; classtype:trojan-activity;sid:84181629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318523)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"180.76.138.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318523/; classtype:trojan-activity;sid:84181623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318498)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.39.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318498/; classtype:trojan-activity;sid:84181598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318502)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.158.37.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318502/; classtype:trojan-activity;sid:84181602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318309)"; flow:established,from_client; content:"GET"; http_method; content:"/khangdz1801/raw/refs/heads/main/sound.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318309/; classtype:trojan-activity;sid:84181409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318199)"; flow:established,from_client; content:"GET"; http_method; content:"/shell.elf"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.102.210.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318199/; classtype:trojan-activity;sid:84181299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318197)"; flow:established,from_client; content:"GET"; http_method; content:"/g.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"39.102.210.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318197/; classtype:trojan-activity;sid:84181297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318198)"; flow:established,from_client; content:"GET"; http_method; content:"/anquangou.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"39.102.210.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318198/; classtype:trojan-activity;sid:84181298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318193)"; flow:established,from_client; content:"GET"; http_method; content:"/qqbg.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"39.102.210.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318193/; classtype:trojan-activity;sid:84181293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318194)"; flow:established,from_client; content:"GET"; http_method; content:"/notepad++.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"39.102.210.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318194/; classtype:trojan-activity;sid:84181294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318195)"; flow:established,from_client; content:"GET"; http_method; content:"/defender.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"39.102.210.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318195/; classtype:trojan-activity;sid:84181295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318147)"; flow:established,from_client; content:"GET"; http_method; content:"/grim_steak"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"159.100.17.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318147/; classtype:trojan-activity;sid:84181247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318146)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"159.100.17.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318146/; classtype:trojan-activity;sid:84181246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318144)"; flow:established,from_client; content:"GET"; http_method; content:"/netshhelper.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"159.100.17.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318144/; classtype:trojan-activity;sid:84181244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318145)"; flow:established,from_client; content:"GET"; http_method; content:"/agent"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"159.100.17.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318145/; classtype:trojan-activity;sid:84181245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317820)"; flow:established,from_client; content:"GET"; http_method; content:"/15f869479d73f92a/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.215.85.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317820/; classtype:trojan-activity;sid:84180920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317819)"; flow:established,from_client; content:"GET"; http_method; content:"/15f869479d73f92a/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"91.215.85.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317819/; classtype:trojan-activity;sid:84180919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317814)"; flow:established,from_client; content:"GET"; http_method; content:"/15f869479d73f92a/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.215.85.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317814/; classtype:trojan-activity;sid:84180914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317815)"; flow:established,from_client; content:"GET"; http_method; content:"/15f869479d73f92a/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"91.215.85.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317815/; classtype:trojan-activity;sid:84180915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317816)"; flow:established,from_client; content:"GET"; http_method; content:"/15f869479d73f92a/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.215.85.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317816/; classtype:trojan-activity;sid:84180916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317817)"; flow:established,from_client; content:"GET"; http_method; content:"/15f869479d73f92a/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"91.215.85.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317817/; classtype:trojan-activity;sid:84180917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317818)"; flow:established,from_client; content:"GET"; http_method; content:"/15f869479d73f92a/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.215.85.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317818/; classtype:trojan-activity;sid:84180918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317713)"; flow:established,from_client; content:"GET"; http_method; content:"/m2/plugin2.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317713/; classtype:trojan-activity;sid:84180813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317712)"; flow:established,from_client; content:"GET"; http_method; content:"/m2/plugin1.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317712/; classtype:trojan-activity;sid:84180812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317710)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin2.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317710/; classtype:trojan-activity;sid:84180810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317707)"; flow:established,from_client; content:"GET"; http_method; content:"/m2/plugin3.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317707/; classtype:trojan-activity;sid:84180807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317708)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin3.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317708/; classtype:trojan-activity;sid:84180808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317638/; classtype:trojan-activity;sid:84180738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.25.120.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316848/; classtype:trojan-activity;sid:84179948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316786)"; flow:established,from_client; content:"GET"; http_method; content:"/.puscarie/.report_system"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"66.63.187.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316786/; classtype:trojan-activity;sid:84179886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316785)"; flow:established,from_client; content:"GET"; http_method; content:"/.puscarie/.main"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"66.63.187.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316785/; classtype:trojan-activity;sid:84179885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316455)"; flow:established,from_client; content:"GET"; http_method; content:"/aaaaaa.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316455/; classtype:trojan-activity;sid:84179555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316454)"; flow:established,from_client; content:"GET"; http_method; content:"/get.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316454/; classtype:trojan-activity;sid:84179554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316452)"; flow:established,from_client; content:"GET"; http_method; content:"/searchuii.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316452/; classtype:trojan-activity;sid:84179552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.249.243.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316272/; classtype:trojan-activity;sid:84179372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.249.243.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316268/; classtype:trojan-activity;sid:84179368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.253.55.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316001/; classtype:trojan-activity;sid:84179101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3315843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.42.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3315843/; classtype:trojan-activity;sid:84178943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3315570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.40.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3315570/; classtype:trojan-activity;sid:84178670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3315252)"; flow:established,from_client; content:"GET"; http_method; content:"/office365/build.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"csg-app.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3315252/; classtype:trojan-activity;sid:84178352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3315253)"; flow:established,from_client; content:"GET"; http_method; content:"/order/purchaseorder.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"csg-app.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3315253/; classtype:trojan-activity;sid:84178353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3315254)"; flow:established,from_client; content:"GET"; http_method; content:"/order/putty.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"csg-app.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3315254/; classtype:trojan-activity;sid:84178354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312836)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312836/; classtype:trojan-activity;sid:84175936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312827)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312827/; classtype:trojan-activity;sid:84175927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312814)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312814/; classtype:trojan-activity;sid:84175914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312811)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312811/; classtype:trojan-activity;sid:84175911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312791)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312791/; classtype:trojan-activity;sid:84175891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312792)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312792/; classtype:trojan-activity;sid:84175892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310338)"; flow:established,from_client; content:"GET"; http_method; content:"/sonriseclient/wirestonline-stealer-8847/zip/refs/heads/main"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310338/; classtype:trojan-activity;sid:84173438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310337)"; flow:established,from_client; content:"GET"; http_method; content:"/sonriseclient/kirlisokak-stealer-4050/zip/refs/heads/main"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310337/; classtype:trojan-activity;sid:84173437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310273)"; flow:established,from_client; content:"GET"; http_method; content:"/sonriseclient/thomaspatric-startup-1469/zip/refs/heads/main"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310273/; classtype:trojan-activity;sid:84173373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310256)"; flow:established,from_client; content:"GET"; http_method; content:"/sonriseclient/peyyix-stealer-3572/zip/refs/heads/main"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310256/; classtype:trojan-activity;sid:84173356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310236)"; flow:established,from_client; content:"GET"; http_method; content:"/sonriseclient/wirestonline-startup-4487/zip/refs/heads/main"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310236/; classtype:trojan-activity;sid:84173336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310233)"; flow:established,from_client; content:"GET"; http_method; content:"/sonriseclient/alman1/zip/refs/heads/main"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310233/; classtype:trojan-activity;sid:84173333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310221)"; flow:established,from_client; content:"GET"; http_method; content:"/sonriseclient/microdev7-stealer-2599/zip/refs/heads/main"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310221/; classtype:trojan-activity;sid:84173321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310212)"; flow:established,from_client; content:"GET"; http_method; content:"/sonriseclient/javadownloader/zip/refs/heads/main"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310212/; classtype:trojan-activity;sid:84173312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310208)"; flow:established,from_client; content:"GET"; http_method; content:"/sonriseclient/kirlisokak-startup-2193/zip/refs/heads/main"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310208/; classtype:trojan-activity;sid:84173308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310200)"; flow:established,from_client; content:"GET"; http_method; content:"/sonriseclient/ad4nal1-stealer-5016/zip/refs/heads/main"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310200/; classtype:trojan-activity;sid:84173300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310189)"; flow:established,from_client; content:"GET"; http_method; content:"/sonriseclient/bnecorex-stealer-3586/zip/refs/heads/main"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310189/; classtype:trojan-activity;sid:84173289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310178)"; flow:established,from_client; content:"GET"; http_method; content:"/sonriseclient/main/zip/refs/heads/main"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310178/; classtype:trojan-activity;sid:84173278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310169)"; flow:established,from_client; content:"GET"; http_method; content:"/sonriseclient/bnecorex-startup-2368/zip/refs/heads/main"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310169/; classtype:trojan-activity;sid:84173269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310157)"; flow:established,from_client; content:"GET"; http_method; content:"/sonriseclient/thomaspatric-stealer-4528/zip/refs/heads/main"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310157/; classtype:trojan-activity;sid:84173257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310143)"; flow:established,from_client; content:"GET"; http_method; content:"/sonriseclient/ad4nal1-startup-9659/zip/refs/heads/main"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310143/; classtype:trojan-activity;sid:84173243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310123)"; flow:established,from_client; content:"GET"; http_method; content:"/sonriseclient/ad4nal1-stealer-5016/raw/refs/heads/main/stealer.jar"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310123/; classtype:trojan-activity;sid:84173223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.45.19.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309853/; classtype:trojan-activity;sid:84172953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.87.95.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309665/; classtype:trojan-activity;sid:84172765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309613)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/refs/heads/main/sgvp%20client%20users.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309613/; classtype:trojan-activity;sid:84172713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309614)"; flow:established,from_client; content:"GET"; http_method; content:"/earthsetup/firtshopacc/main/registry.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309614/; classtype:trojan-activity;sid:84172714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309611)"; flow:established,from_client; content:"GET"; http_method; content:"/vipek1990/napewnonievoiderhook/raw/main/seksiak.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309611/; classtype:trojan-activity;sid:84172711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309588)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/dsafffffffff/releases/download/dasa/loader.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309588/; classtype:trojan-activity;sid:84172688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309589)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/dd/releases/download/d/output.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309589/; classtype:trojan-activity;sid:84172689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309590)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/uu/releases/download/dss/loader.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309590/; classtype:trojan-activity;sid:84172690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309591)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/dsafffffffff/releases/download/dasa/saloader.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309591/; classtype:trojan-activity;sid:84172691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309592)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/dsadsa/releases/download/dsa/aidans.dont.run.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309592/; classtype:trojan-activity;sid:84172692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309594)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/drf/releases/download/d/loader.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309594/; classtype:trojan-activity;sid:84172694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309587)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/huy/releases/download/dsa/loader.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309587/; classtype:trojan-activity;sid:84172687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309585)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/bothg/releases/download/das/loader.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309585/; classtype:trojan-activity;sid:84172685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309579)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/raw/refs/heads/main/dllyide.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309579/; classtype:trojan-activity;sid:84172679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309575)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/raw/refs/heads/main/handeltest.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309575/; classtype:trojan-activity;sid:84172675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309576)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/raw/refs/heads/main/xs.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309576/; classtype:trojan-activity;sid:84172676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309577)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/raw/refs/heads/main/tutorial.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309577/; classtype:trojan-activity;sid:84172677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309578)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/raw/refs/heads/main/aa.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309578/; classtype:trojan-activity;sid:84172678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309573)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/raw/refs/heads/main/nobody.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309573/; classtype:trojan-activity;sid:84172673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309574)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/raw/refs/heads/main/ataturk.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309574/; classtype:trojan-activity;sid:84172674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309571)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/bothg/releases/download/das/start.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309571/; classtype:trojan-activity;sid:84172671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309563)"; flow:established,from_client; content:"GET"; http_method; content:"/samarik"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"80.76.51.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309563/; classtype:trojan-activity;sid:84172663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309033)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.107.136.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3309033/; classtype:trojan-activity;sid:84172133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309021)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.115.236.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3309021/; classtype:trojan-activity;sid:84172121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308998)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.115.54.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308998/; classtype:trojan-activity;sid:84172098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308970)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.111.146.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308970/; classtype:trojan-activity;sid:84172070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308956)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.107.136.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308956/; classtype:trojan-activity;sid:84172056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308959)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.107.136.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308959/; classtype:trojan-activity;sid:84172059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308929)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"114.215.27.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308929/; classtype:trojan-activity;sid:84172029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308923)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"114.215.27.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308923/; classtype:trojan-activity;sid:84172023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308898)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"61.183.16.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308898/; classtype:trojan-activity;sid:84171998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308894)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.155.74.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308894/; classtype:trojan-activity;sid:84171994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308890)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"111.42.156.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308890/; classtype:trojan-activity;sid:84171990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308883)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308883/; classtype:trojan-activity;sid:84171983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308882)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"159.250.122.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308882/; classtype:trojan-activity;sid:84171982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308880)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.103.126.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308880/; classtype:trojan-activity;sid:84171980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308876)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"149.88.73.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308876/; classtype:trojan-activity;sid:84171976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308875)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308875/; classtype:trojan-activity;sid:84171975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308873)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.241.17.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308873/; classtype:trojan-activity;sid:84171973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308870)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"96.250.166.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308870/; classtype:trojan-activity;sid:84171970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308860)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.137.108.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308860/; classtype:trojan-activity;sid:84171960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308859)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.210.138.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308859/; classtype:trojan-activity;sid:84171959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308847)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.26.174.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308847/; classtype:trojan-activity;sid:84171947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308821)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"utorrent-backup-server4.top"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308821/; classtype:trojan-activity;sid:84171921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308820)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"utorrent-backup-server3.top"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308820/; classtype:trojan-activity;sid:84171920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308819)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"utorrent-backup-server2.top"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308819/; classtype:trojan-activity;sid:84171919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308816)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"security-service-api-link.cc"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308816/; classtype:trojan-activity;sid:84171916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308817)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"win-network-checker.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308817/; classtype:trojan-activity;sid:84171917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308818)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"utorrent-backup-server5.top"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308818/; classtype:trojan-activity;sid:84171918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308813)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"update-checker-status.cc"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308813/; classtype:trojan-activity;sid:84171913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308798)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1idr9p3dgxkblhu7h4jckclzmtlibwsiw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308798/; classtype:trojan-activity;sid:84171898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308461)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y0"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308461/; classtype:trojan-activity;sid:84171561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308462)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y3"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308462/; classtype:trojan-activity;sid:84171562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308463)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y4.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308463/; classtype:trojan-activity;sid:84171563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308464)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y2"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308464/; classtype:trojan-activity;sid:84171564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308465)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308465/; classtype:trojan-activity;sid:84171565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308041)"; flow:established,from_client; content:"GET"; http_method; content:"/aminer.gz"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.107.29.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308041/; classtype:trojan-activity;sid:84171141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308039)"; flow:established,from_client; content:"GET"; http_method; content:"/ns3.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"47.107.29.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308039/; classtype:trojan-activity;sid:84171139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308038)"; flow:established,from_client; content:"GET"; http_method; content:"/install.tgz"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"47.107.29.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308038/; classtype:trojan-activity;sid:84171138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3305535)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"111.185.23.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_26; reference:url, urlhaus.abuse.ch/url/3305535/; classtype:trojan-activity;sid:84168635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304481)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel_softfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304481/; classtype:trojan-activity;sid:84167581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304477)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el_softfloat"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304477/; classtype:trojan-activity;sid:84167577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304478)"; flow:established,from_client; content:"GET"; http_method; content:"/win.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304478/; classtype:trojan-activity;sid:84167578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304479)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304479/; classtype:trojan-activity;sid:84167579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304480)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304480/; classtype:trojan-activity;sid:84167580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304473)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304473/; classtype:trojan-activity;sid:84167573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304474)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304474/; classtype:trojan-activity;sid:84167574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304475)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64el"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304475/; classtype:trojan-activity;sid:84167575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304465)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304465/; classtype:trojan-activity;sid:84167565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304467)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64_softfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304467/; classtype:trojan-activity;sid:84167567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304468)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304468/; classtype:trojan-activity;sid:84167568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304469)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304469/; classtype:trojan-activity;sid:84167569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304470)"; flow:established,from_client; content:"GET"; http_method; content:"/python"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304470/; classtype:trojan-activity;sid:84167570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304471)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips_softfloat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304471/; classtype:trojan-activity;sid:84167571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304472)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304472/; classtype:trojan-activity;sid:84167572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304464)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304464/; classtype:trojan-activity;sid:84167564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304463)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304463/; classtype:trojan-activity;sid:84167563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304462)"; flow:established,from_client; content:"GET"; http_method; content:"/runji.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304462/; classtype:trojan-activity;sid:84167562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304461)"; flow:established,from_client; content:"GET"; http_method; content:"/rz.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304461/; classtype:trojan-activity;sid:84167561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304342)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.71.85.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304342/; classtype:trojan-activity;sid:84167442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304026)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.109.209.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304026/; classtype:trojan-activity;sid:84167126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303911)"; flow:established,from_client; content:"GET"; http_method; content:"/s1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303911/; classtype:trojan-activity;sid:84167011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303910)"; flow:established,from_client; content:"GET"; http_method; content:"/f2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303910/; classtype:trojan-activity;sid:84167010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303818)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hkvynldkcbdd50_bsw3s9tk5elbduxtg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303818/; classtype:trojan-activity;sid:84166918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303807)"; flow:established,from_client; content:"GET"; http_method; content:"/oxzgoftltqcglwz214.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mertvinc.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303807/; classtype:trojan-activity;sid:84166907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303806)"; flow:established,from_client; content:"GET"; http_method; content:"/pqvbgxvmocliihvw108.bin"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mertvinc.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303806/; classtype:trojan-activity;sid:84166906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303195)"; flow:established,from_client; content:"GET"; http_method; content:"/tpwpatw126.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mertvinc.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_24; reference:url, urlhaus.abuse.ch/url/3303195/; classtype:trojan-activity;sid:84166295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303092)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.6.12.230"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_24; reference:url, urlhaus.abuse.ch/url/3303092/; classtype:trojan-activity;sid:84166192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3301868)"; flow:established,from_client; content:"GET"; http_method; content:"/frzmqn204.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mertvinc.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_24; reference:url, urlhaus.abuse.ch/url/3301868/; classtype:trojan-activity;sid:84164968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3301629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.229.134.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_24; reference:url, urlhaus.abuse.ch/url/3301629/; classtype:trojan-activity;sid:84164729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300881)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/y.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300881/; classtype:trojan-activity;sid:84163981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300394)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/dcm/refs/heads/main/document.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300394/; classtype:trojan-activity;sid:84163494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300390)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/refs/heads/main/pasrem13.txt"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300390/; classtype:trojan-activity;sid:84163490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300391)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/refs/heads/main/nov13"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300391/; classtype:trojan-activity;sid:84163491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300392)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/refs/heads/main/rmspas.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300392/; classtype:trojan-activity;sid:84163492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300382)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/test.xll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300382/; classtype:trojan-activity;sid:84163482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300383)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/refs/heads/main/xclien.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300383/; classtype:trojan-activity;sid:84163483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300386)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/refs/heads/main/xeno"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300386/; classtype:trojan-activity;sid:84163486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300387)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/ud.bat"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300387/; classtype:trojan-activity;sid:84163487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300377)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/t.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300377/; classtype:trojan-activity;sid:84163477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300378)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/template.dotm"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300378/; classtype:trojan-activity;sid:84163478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300373)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/refs/heads/main/xxx"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300373/; classtype:trojan-activity;sid:84163473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300374)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/doadmin.png"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300374/; classtype:trojan-activity;sid:84163474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300375)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/steamerx.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300375/; classtype:trojan-activity;sid:84163475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300376)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/justpoc.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300376/; classtype:trojan-activity;sid:84163476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300371)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/u.xls"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300371/; classtype:trojan-activity;sid:84163471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300372)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/scriptlet"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300372/; classtype:trojan-activity;sid:84163472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300068)"; flow:established,from_client; content:"GET"; http_method; content:"/es.hta"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pub-cdd0dd27ae6a4aee9841d397e0496374.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3300068/; classtype:trojan-activity;sid:84163168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300064)"; flow:established,from_client; content:"GET"; http_method; content:"/faturas.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pub-92c456788ff540628e0e809709842c78.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3300064/; classtype:trojan-activity;sid:84163164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299333)"; flow:established,from_client; content:"GET"; http_method; content:"/account/rolex_file.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"treinamento.convenio.to.gov.br"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299333/; classtype:trojan-activity;sid:84162433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299053)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.166.231.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299053/; classtype:trojan-activity;sid:84162153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298397)"; flow:established,from_client; content:"GET"; http_method; content:"/netpower.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"124.70.140.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298397/; classtype:trojan-activity;sid:84161497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.190.102.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298237/; classtype:trojan-activity;sid:84161337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298233)"; flow:established,from_client; content:"GET"; http_method; content:"/saked018/rivada/refs/heads/main/mis_file_9888123_received_xsls.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298233/; classtype:trojan-activity;sid:84161333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298219)"; flow:established,from_client; content:"GET"; http_method; content:"/saked018/rivada/raw/refs/heads/main/mis_file_9888123_received_xsls.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298219/; classtype:trojan-activity;sid:84161319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.190.102.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298218/; classtype:trojan-activity;sid:84161318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298207)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/dcm/raw/refs/heads/main/document.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298207/; classtype:trojan-activity;sid:84161307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298205)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/raw/refs/heads/main/u.xls"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298205/; classtype:trojan-activity;sid:84161305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.253.55.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297816/; classtype:trojan-activity;sid:84160916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297750)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/nube-f5f04.appspot.com/o/ansy.txt|3f|alt=media|7c|26|7c|token=703d87ea-0284-408f-b949-21b01138d2a5"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297750/; classtype:trojan-activity;sid:84160850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297585)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.57.79.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297585/; classtype:trojan-activity;sid:84160685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297335)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.247.208.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297335/; classtype:trojan-activity;sid:84160435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.253.55.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297290/; classtype:trojan-activity;sid:84160390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297269)"; flow:established,from_client; content:"GET"; http_method; content:"/wl_tp_extend_app_v1.0.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"106.42.31.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297269/; classtype:trojan-activity;sid:84160369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297261)"; flow:established,from_client; content:"GET"; http_method; content:"/wl_upgrade_new.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"106.42.31.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297261/; classtype:trojan-activity;sid:84160361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297247)"; flow:established,from_client; content:"GET"; http_method; content:"/my_upgrade_new.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"106.42.31.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297247/; classtype:trojan-activity;sid:84160347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297245)"; flow:established,from_client; content:"GET"; http_method; content:"/wait.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"106.42.31.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297245/; classtype:trojan-activity;sid:84160345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297072)"; flow:established,from_client; content:"GET"; http_method; content:"/api/files/x8kuhjgo6"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"api.ewfiles.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297072/; classtype:trojan-activity;sid:84160172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297067)"; flow:established,from_client; content:"GET"; http_method; content:"/api/files/y2neibvzn"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"api.ewfiles.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297067/; classtype:trojan-activity;sid:84160167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297053)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.15.239.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297053/; classtype:trojan-activity;sid:84160153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296987)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.174.150.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296987/; classtype:trojan-activity;sid:84160087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.150.42.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296922/; classtype:trojan-activity;sid:84160022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.42.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296897/; classtype:trojan-activity;sid:84159997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.93.44.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296485/; classtype:trojan-activity;sid:84159585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296379)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.160.216.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296379/; classtype:trojan-activity;sid:84159479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296211)"; flow:established,from_client; content:"GET"; http_method; content:"/client/pc/ireader-pc-win10.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"61.154.0.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296211/; classtype:trojan-activity;sid:84159311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296210)"; flow:established,from_client; content:"GET"; http_method; content:"/propask/cheat1/releases/download/cheat/123.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296210/; classtype:trojan-activity;sid:84159310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296209)"; flow:established,from_client; content:"GET"; http_method; content:"/crm/exe/update.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.zhikey.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296209/; classtype:trojan-activity;sid:84159309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296205)"; flow:established,from_client; content:"GET"; http_method; content:"/tsp/d3d10.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"88.209.197.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296205/; classtype:trojan-activity;sid:84159305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295856)"; flow:established,from_client; content:"GET"; http_method; content:"/pq1.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295856/; classtype:trojan-activity;sid:84158956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295857)"; flow:established,from_client; content:"GET"; http_method; content:"/cb1.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295857/; classtype:trojan-activity;sid:84158957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295854)"; flow:established,from_client; content:"GET"; http_method; content:"/pq.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295854/; classtype:trojan-activity;sid:84158954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295852)"; flow:established,from_client; content:"GET"; http_method; content:"/cb2.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295852/; classtype:trojan-activity;sid:84158952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295853)"; flow:established,from_client; content:"GET"; http_method; content:"/cbjq..dll"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295853/; classtype:trojan-activity;sid:84158953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295851)"; flow:established,from_client; content:"GET"; http_method; content:"/cb.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295851/; classtype:trojan-activity;sid:84158951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294915)"; flow:established,from_client; content:"GET"; http_method; content:"/ledshow2.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"101.200.220.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294915/; classtype:trojan-activity;sid:84158015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294914)"; flow:established,from_client; content:"GET"; http_method; content:"/ledshow.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"101.200.220.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294914/; classtype:trojan-activity;sid:84158014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294913)"; flow:established,from_client; content:"GET"; http_method; content:"/ledshow1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"101.200.220.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294913/; classtype:trojan-activity;sid:84158013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294912)"; flow:established,from_client; content:"GET"; http_method; content:"/ledshowa.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"101.200.220.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294912/; classtype:trojan-activity;sid:84158012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294880)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/e7vtebfe2qdfbjt87nvhu/oficio-de-notificaci-n-ejectr-nica-cendo-rama-judicial-de-la-rep-blica-de-colombia.tar.cab.tar.001|3f|rlkey=54p6fzmx3c1eovd1btwzy0re4|7c|26|7c|st=npm5oi4l|7c|26|7c|dl=0"; http_uri; depth:198; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294880/; classtype:trojan-activity;sid:84157980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294879)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/4qoef01jqan8sczprj79o/1oficio-de-notificaci-n-ejectr-nica-cendo-rama-judicial-de-la-rep-blica-de-colombia.tar.cab.tar.001|3f|rlkey=8px38d88qrq4ssw54132v5ke2|7c|26|7c|st=gg5nhz4s|7c|26|7c|dl=0"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294879/; classtype:trojan-activity;sid:84157979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294619)"; flow:established,from_client; content:"GET"; http_method; content:"/noureddine-nt9/rgsdr/raw/refs/heads/main/cheet.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294619/; classtype:trojan-activity;sid:84157719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.70.203.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293584/; classtype:trojan-activity;sid:84156684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.70.203.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293544/; classtype:trojan-activity;sid:84156644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293160)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.181.28.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293160/; classtype:trojan-activity;sid:84156260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293024)"; flow:established,from_client; content:"GET"; http_method; content:"/labxmtznbcwjnkndg58.bin"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mertvinc.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293024/; classtype:trojan-activity;sid:84156124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293016)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.64.128.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293016/; classtype:trojan-activity;sid:84156116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292725)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"47.181.114.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292725/; classtype:trojan-activity;sid:84155825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292014)"; flow:established,from_client; content:"GET"; http_method; content:"/n/tui/mininews/mininewsplus/3.0.0.26165/mininewsplus-2.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"mininews.kpzip.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292014/; classtype:trojan-activity;sid:84155114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291910)"; flow:established,from_client; content:"GET"; http_method; content:"/3911_wz.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"wz.3911.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291910/; classtype:trojan-activity;sid:84155010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"68.115.131.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291857/; classtype:trojan-activity;sid:84154957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.126.138.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291525/; classtype:trojan-activity;sid:84154625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.44.144.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290573/; classtype:trojan-activity;sid:84153673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290243)"; flow:established,from_client; content:"GET"; http_method; content:"/pro2.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.98.201.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290243/; classtype:trojan-activity;sid:84153343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289875)"; flow:established,from_client; content:"GET"; http_method; content:"/r00ts3c/ddos-rootsec/refs/heads/master/ddos%20scripts/l4/udp/10gbpsudp.py"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289875/; classtype:trojan-activity;sid:84152975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289773)"; flow:established,from_client; content:"GET"; http_method; content:"/abcd/09.jpg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"quit.do.am"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289773/; classtype:trojan-activity;sid:84152873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289588)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/lma.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289588/; classtype:trojan-activity;sid:84152688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289584)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/ad/dll.txt"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289584/; classtype:trojan-activity;sid:84152684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289585)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/ab/f3dll.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289585/; classtype:trojan-activity;sid:84152685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289586)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/ac/f3dll.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289586/; classtype:trojan-activity;sid:84152686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289583)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/ar/f3dll.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289583/; classtype:trojan-activity;sid:84152683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289571)"; flow:established,from_client; content:"GET"; http_method; content:"/beefy.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289571/; classtype:trojan-activity;sid:84152671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289572)"; flow:established,from_client; content:"GET"; http_method; content:"/solandra.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289572/; classtype:trojan-activity;sid:84152672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.247.208.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289570/; classtype:trojan-activity;sid:84152670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.247.208.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289546/; classtype:trojan-activity;sid:84152646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.12.77.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289467/; classtype:trojan-activity;sid:84152567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.255.216.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289466/; classtype:trojan-activity;sid:84152566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.35.24.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289465/; classtype:trojan-activity;sid:84152565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.65.59.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289460/; classtype:trojan-activity;sid:84152560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289461/; classtype:trojan-activity;sid:84152561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.97.36.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289463/; classtype:trojan-activity;sid:84152563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.39.20.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289458/; classtype:trojan-activity;sid:84152558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289004)"; flow:established,from_client; content:"GET"; http_method; content:"/clip/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289004/; classtype:trojan-activity;sid:84152104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.151.133.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289001/; classtype:trojan-activity;sid:84152101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.21.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288922/; classtype:trojan-activity;sid:84152022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.180.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288919/; classtype:trojan-activity;sid:84152019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.58.80.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288305/; classtype:trojan-activity;sid:84151405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.74.222.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288304/; classtype:trojan-activity;sid:84151404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.6.64.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288303/; classtype:trojan-activity;sid:84151403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.8.38.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288298/; classtype:trojan-activity;sid:84151398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.183.9.88"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288297/; classtype:trojan-activity;sid:84151397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287713)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.126.18.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287713/; classtype:trojan-activity;sid:84150813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287707)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.94.179.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287707/; classtype:trojan-activity;sid:84150807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287692)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.57.209.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287692/; classtype:trojan-activity;sid:84150792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287699)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.137.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287699/; classtype:trojan-activity;sid:84150799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.233.119.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287651/; classtype:trojan-activity;sid:84150751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.201.197.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287647/; classtype:trojan-activity;sid:84150747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.205.99.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287638/; classtype:trojan-activity;sid:84150738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287639/; classtype:trojan-activity;sid:84150739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.171.188.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287640/; classtype:trojan-activity;sid:84150740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287641/; classtype:trojan-activity;sid:84150741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287642/; classtype:trojan-activity;sid:84150742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287643/; classtype:trojan-activity;sid:84150743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287644/; classtype:trojan-activity;sid:84150744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.166.191.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287645/; classtype:trojan-activity;sid:84150745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.121.12.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287632/; classtype:trojan-activity;sid:84150732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.127.218.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287636/; classtype:trojan-activity;sid:84150736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.252.66.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287637/; classtype:trojan-activity;sid:84150737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287459)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.8.81.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287459/; classtype:trojan-activity;sid:84150559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287414)"; flow:established,from_client; content:"GET"; http_method; content:"/fyjjzdxnggcbdwfmzh209.bin"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mertvinc.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287414/; classtype:trojan-activity;sid:84150514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287138)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"122.254.13.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287138/; classtype:trojan-activity;sid:84150238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.143.20.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286969/; classtype:trojan-activity;sid:84150069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.73.64.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286828/; classtype:trojan-activity;sid:84149928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.17.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286825/; classtype:trojan-activity;sid:84149925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.77.228.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286821/; classtype:trojan-activity;sid:84149921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286695)"; flow:established,from_client; content:"GET"; http_method; content:"/amidaware/rmmagent/releases/download/v2.8.0/tacticalagent-v2.8.0-windows-amd64.exe"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286695/; classtype:trojan-activity;sid:84149795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286583)"; flow:established,from_client; content:"GET"; http_method; content:"/sistemas/archivos/unico-venta3401005.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"www.flechabusretiro.com.ar"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286583/; classtype:trojan-activity;sid:84149683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286518)"; flow:established,from_client; content:"GET"; http_method; content:"/kzxiaopeng2/kuaizip_setup_-808202126_xiaopeng2_001.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"d.kpzip.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286518/; classtype:trojan-activity;sid:84149618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286514)"; flow:established,from_client; content:"GET"; http_method; content:"/download/xiaohu.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"110.40.51.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286514/; classtype:trojan-activity;sid:84149614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286510)"; flow:established,from_client; content:"GET"; http_method; content:"/autoupdate/hostfile/autoupdate.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"103.167.89.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286510/; classtype:trojan-activity;sid:84149610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.70.244.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286371/; classtype:trojan-activity;sid:84149471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.212.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286370/; classtype:trojan-activity;sid:84149470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"132.255.117.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286368/; classtype:trojan-activity;sid:84149468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.254.13.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286366/; classtype:trojan-activity;sid:84149466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.160.164.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286361/; classtype:trojan-activity;sid:84149461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286204)"; flow:established,from_client; content:"GET"; http_method; content:"/dutch.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286204/; classtype:trojan-activity;sid:84149304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286205)"; flow:established,from_client; content:"GET"; http_method; content:"/1010.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286205/; classtype:trojan-activity;sid:84149305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286206)"; flow:established,from_client; content:"GET"; http_method; content:"/xt.png"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286206/; classtype:trojan-activity;sid:84149306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286207)"; flow:established,from_client; content:"GET"; http_method; content:"/gold.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286207/; classtype:trojan-activity;sid:84149307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286208)"; flow:established,from_client; content:"GET"; http_method; content:"/oldxteam.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286208/; classtype:trojan-activity;sid:84149308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286209)"; flow:established,from_client; content:"GET"; http_method; content:"/sae.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286209/; classtype:trojan-activity;sid:84149309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286096)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ha7dur10.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286096/; classtype:trojan-activity;sid:84149196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286094)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gaozw40v.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286094/; classtype:trojan-activity;sid:84149194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286095)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/41m98slk.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286095/; classtype:trojan-activity;sid:84149195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286093)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/88851n80.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286093/; classtype:trojan-activity;sid:84149193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286091)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/99awhy8l.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286091/; classtype:trojan-activity;sid:84149191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286090)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2r61ahry.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286090/; classtype:trojan-activity;sid:84149190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286088)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/cred64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286088/; classtype:trojan-activity;sid:84149188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286089)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/cred.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286089/; classtype:trojan-activity;sid:84149189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286087)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/clip.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286087/; classtype:trojan-activity;sid:84149187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286086)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/clip64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286086/; classtype:trojan-activity;sid:84149186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286067)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-reverse-shell/main/shellcode.bin"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286067/; classtype:trojan-activity;sid:84149167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286065)"; flow:established,from_client; content:"GET"; http_method; content:"/showqa/xt/refs/heads/main/shellcodeany.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286065/; classtype:trojan-activity;sid:84149165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286062)"; flow:established,from_client; content:"GET"; http_method; content:"/woord02/nigga/raw/refs/heads/main/majesticexec.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286062/; classtype:trojan-activity;sid:84149162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286058)"; flow:established,from_client; content:"GET"; http_method; content:"/showqa/xt/raw/refs/heads/main/shellcodeany.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286058/; classtype:trojan-activity;sid:84149158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.79.113.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285683/; classtype:trojan-activity;sid:84148783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"68.115.131.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285580/; classtype:trojan-activity;sid:84148680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.162.59.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285433/; classtype:trojan-activity;sid:84148533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285428)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/-pril/refs/heads/main/kldrgawdtjawd.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285428/; classtype:trojan-activity;sid:84148528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285392)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.71.85.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285392/; classtype:trojan-activity;sid:84148492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284809)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ohtie89k.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284809/; classtype:trojan-activity;sid:84147909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284806)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/te3tlsre.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284806/; classtype:trojan-activity;sid:84147906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284805)"; flow:established,from_client; content:"GET"; http_method; content:"/lego/ama.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284805/; classtype:trojan-activity;sid:84147905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284804)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/qth5kdee.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284804/; classtype:trojan-activity;sid:84147904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284802)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/88aext0k.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284802/; classtype:trojan-activity;sid:84147902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284803)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ji2xlo1f.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284803/; classtype:trojan-activity;sid:84147903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284801)"; flow:established,from_client; content:"GET"; http_method; content:"/steam/random.exe|3f|9i/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284801/; classtype:trojan-activity;sid:84147901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284800)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/sgx4824p.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284800/; classtype:trojan-activity;sid:84147900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284799)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bqkriy6l.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284799/; classtype:trojan-activity;sid:84147899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284798)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/7cl16anh.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284798/; classtype:trojan-activity;sid:84147898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284797)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/uctgkfb7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284797/; classtype:trojan-activity;sid:84147897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284749)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/f86nrrc6.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284749/; classtype:trojan-activity;sid:84147849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284404)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.89.112.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284404/; classtype:trojan-activity;sid:84147504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284346)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/refs/heads/main/njrtdhadawt.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284346/; classtype:trojan-activity;sid:84147446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.190.102.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284321/; classtype:trojan-activity;sid:84147421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.153.254.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284272/; classtype:trojan-activity;sid:84147372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284173)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/clip64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284173/; classtype:trojan-activity;sid:84147273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284172)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/clip.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284172/; classtype:trojan-activity;sid:84147272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283570)"; flow:established,from_client; content:"GET"; http_method; content:"/readme/glued.hta"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"armanayegh.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283570/; classtype:trojan-activity;sid:84146670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283560)"; flow:established,from_client; content:"GET"; http_method; content:"/readme/bin.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"armanayegh.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283560/; classtype:trojan-activity;sid:84146660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282128)"; flow:established,from_client; content:"GET"; http_method; content:"/frpc.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"101.133.156.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282128/; classtype:trojan-activity;sid:84145228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282120)"; flow:established,from_client; content:"GET"; http_method; content:"/mysql.bat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"101.133.156.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282120/; classtype:trojan-activity;sid:84145220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281714)"; flow:established,from_client; content:"GET"; http_method; content:"/s3cur3th1ssh1t/creds/master/obfuscatedps/dccuac.ps1"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281714/; classtype:trojan-activity;sid:84144814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281603)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/x1zadjlpndvykembsf6i.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281603/; classtype:trojan-activity;sid:84144703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281578)"; flow:established,from_client; content:"GET"; http_method; content:"/maxz/update/client/client.exe.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"103.174.191.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281578/; classtype:trojan-activity;sid:84144678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281577)"; flow:established,from_client; content:"GET"; http_method; content:"/maxz/update/client/dsetup.dll.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"103.174.191.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281577/; classtype:trojan-activity;sid:84144677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281085)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/raw/master/rage.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281085/; classtype:trojan-activity;sid:84144185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.190.102.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280814/; classtype:trojan-activity;sid:84143914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280797)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0niums/repo/refs/heads/main/nvidia.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280797/; classtype:trojan-activity;sid:84143897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280762)"; flow:established,from_client; content:"GET"; http_method; content:"/woord02/nigga/refs/heads/main/majesticexec.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280762/; classtype:trojan-activity;sid:84143862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280713)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/main/arm7"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280713/; classtype:trojan-activity;sid:84143813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280680)"; flow:established,from_client; content:"GET"; http_method; content:"/fiies/stormfn-launcher/raw/refs/heads/main/stormfn-launcher.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280680/; classtype:trojan-activity;sid:84143780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280205)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.24.38.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280205/; classtype:trojan-activity;sid:84143305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280170)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.217.7.79"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280170/; classtype:trojan-activity;sid:84143270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280151)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.100.70.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280151/; classtype:trojan-activity;sid:84143251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280158)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.77.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280158/; classtype:trojan-activity;sid:84143258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280138)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/njrtdhadawt.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280138/; classtype:trojan-activity;sid:84143238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279845)"; flow:established,from_client; content:"GET"; http_method; content:"/steam/random.exe|3f|9i"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279845/; classtype:trojan-activity;sid:84142945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279844)"; flow:established,from_client; content:"GET"; http_method; content:"/mine/random.exe|3f|y"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279844/; classtype:trojan-activity;sid:84142944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279353)"; flow:established,from_client; content:"GET"; http_method; content:"/xavieprowel/crispy-palm-tree/releases/download/1/3e3ev3.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279353/; classtype:trojan-activity;sid:84142453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278973)"; flow:established,from_client; content:"GET"; http_method; content:"/a.ini"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"downsexv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278973/; classtype:trojan-activity;sid:84142073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278974)"; flow:established,from_client; content:"GET"; http_method; content:"/cdb.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"downsexv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278974/; classtype:trojan-activity;sid:84142074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278970)"; flow:established,from_client; content:"GET"; http_method; content:"/c.bin"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"downsexv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278970/; classtype:trojan-activity;sid:84142070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278972)"; flow:established,from_client; content:"GET"; http_method; content:"/c3.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"downsexv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278972/; classtype:trojan-activity;sid:84142072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278965)"; flow:established,from_client; content:"GET"; http_method; content:"/calc.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"downsexv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278965/; classtype:trojan-activity;sid:84142065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278966)"; flow:established,from_client; content:"GET"; http_method; content:"/msf.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"downsexv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278966/; classtype:trojan-activity;sid:84142066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278844)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3yh8gdte.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278844/; classtype:trojan-activity;sid:84141944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278840)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/khtoawdltrha.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278840/; classtype:trojan-activity;sid:84141940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278826)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/jb4w5s2l.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278826/; classtype:trojan-activity;sid:84141926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278828)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/6nteyex7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278828/; classtype:trojan-activity;sid:84141928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278782)"; flow:established,from_client; content:"GET"; http_method; content:"/v4setup.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pub-d6448def2aba44ce96071bebcc1ce641.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278782/; classtype:trojan-activity;sid:84141882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278669)"; flow:established,from_client; content:"GET"; http_method; content:"/txdown_disk/%e8%bd%af%e4%bb%b6%e4%bd%bf%e7%94%a8/%e7%bc%ba%e5%a4%b1%e4%b8%8b%e8%bd%bd/plugin.dll"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"disk.accord1key.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278669/; classtype:trojan-activity;sid:84141769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278659)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/jerniuiopu.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278659/; classtype:trojan-activity;sid:84141759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278660)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/hbfgjhhesfd.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278660/; classtype:trojan-activity;sid:84141760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278583)"; flow:established,from_client; content:"GET"; http_method; content:"/itschangat/test/refs/heads/main/server.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278583/; classtype:trojan-activity;sid:84141683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278579)"; flow:established,from_client; content:"GET"; http_method; content:"/felikzig/wdt/refs/heads/main/collosalloader.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278579/; classtype:trojan-activity;sid:84141679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278577)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/osiris/refs/heads/main/2klz.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278577/; classtype:trojan-activity;sid:84141677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278578)"; flow:established,from_client; content:"GET"; http_method; content:"/bonsko216/1/refs/heads/main/runtimebroker.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278578/; classtype:trojan-activity;sid:84141678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278573)"; flow:established,from_client; content:"GET"; http_method; content:"/ciphershld/ms-p-1a/master/setup%20ms%20p-1a.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278573/; classtype:trojan-activity;sid:84141673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278575)"; flow:established,from_client; content:"GET"; http_method; content:"/endity123/fivem-spoofer/main/reaper%20cfx%20spoofer%20v2.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278575/; classtype:trojan-activity;sid:84141675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278576)"; flow:established,from_client; content:"GET"; http_method; content:"/minecradt/regdelete/readme-edits/hell9o.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278576/; classtype:trojan-activity;sid:84141676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278566)"; flow:established,from_client; content:"GET"; http_method; content:"/unix-cmd/dev/main/discord.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278566/; classtype:trojan-activity;sid:84141666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278567)"; flow:established,from_client; content:"GET"; http_method; content:"/openpeach/dotnetfx_cleanup_tool/refs/heads/master/cleanup_tool.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278567/; classtype:trojan-activity;sid:84141667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278570)"; flow:established,from_client; content:"GET"; http_method; content:"/cavxsy/crazy.spoofer/refs/heads/main/loader.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278570/; classtype:trojan-activity;sid:84141670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278571)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"download-winsdownload-wins.oss-cn-hangzhou.aliyuncs.com"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278571/; classtype:trojan-activity;sid:84141671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278559)"; flow:established,from_client; content:"GET"; http_method; content:"/skibidisigmer/fncleanerv2/releases/download/cleanerv2/cleanerv2.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278559/; classtype:trojan-activity;sid:84141659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278560)"; flow:established,from_client; content:"GET"; http_method; content:"/sleepysnz/skibidi/archive/refs/heads/main.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278560/; classtype:trojan-activity;sid:84141660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278555)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/jerniuiopu.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278555/; classtype:trojan-activity;sid:84141655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278556)"; flow:established,from_client; content:"GET"; http_method; content:"/new.pdf"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"152.67.4.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278556/; classtype:trojan-activity;sid:84141656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278558)"; flow:established,from_client; content:"GET"; http_method; content:"/bonsko216/1/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278558/; classtype:trojan-activity;sid:84141658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278554)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/hbfgjhhesfd.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278554/; classtype:trojan-activity;sid:84141654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278544)"; flow:established,from_client; content:"GET"; http_method; content:"/itschangat/test/raw/refs/heads/main/server.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278544/; classtype:trojan-activity;sid:84141644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278361)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=17hv9-3t2ilikbmcfql2z66ipd72x4mz7"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278361/; classtype:trojan-activity;sid:84141461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278330)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/ac/pef3.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278330/; classtype:trojan-activity;sid:84141430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278272)"; flow:established,from_client; content:"GET"; http_method; content:"/c1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278272/; classtype:trojan-activity;sid:84141372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278271)"; flow:established,from_client; content:"GET"; http_method; content:"/c2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278271/; classtype:trojan-activity;sid:84141371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278267)"; flow:established,from_client; content:"GET"; http_method; content:"/sam.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278267/; classtype:trojan-activity;sid:84141367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278265)"; flow:established,from_client; content:"GET"; http_method; content:"/c3.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278265/; classtype:trojan-activity;sid:84141365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278266)"; flow:established,from_client; content:"GET"; http_method; content:"/msf.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278266/; classtype:trojan-activity;sid:84141366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278261)"; flow:established,from_client; content:"GET"; http_method; content:"/c.bin"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278261/; classtype:trojan-activity;sid:84141361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278262)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278262/; classtype:trojan-activity;sid:84141362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278263)"; flow:established,from_client; content:"GET"; http_method; content:"/calc.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278263/; classtype:trojan-activity;sid:84141363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278264)"; flow:established,from_client; content:"GET"; http_method; content:"/st.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278264/; classtype:trojan-activity;sid:84141364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278044)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/j4vzzuai.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278044/; classtype:trojan-activity;sid:84141144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.229.134.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278043/; classtype:trojan-activity;sid:84141143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.229.134.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278019/; classtype:trojan-activity;sid:84141119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.11.38"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277664/; classtype:trojan-activity;sid:84140764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276956)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"216.201.80.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276956/; classtype:trojan-activity;sid:84140056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276896)"; flow:established,from_client; content:"GET"; http_method; content:"/loistupidpet/sfdawsdawdaw/main/serials_checker.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276896/; classtype:trojan-activity;sid:84139996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.24.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276887/; classtype:trojan-activity;sid:84139987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276853)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/-/raw/main/xclient.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276853/; classtype:trojan-activity;sid:84139953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276854)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot2/raw/refs/heads/main/xclient.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276854/; classtype:trojan-activity;sid:84139954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276855)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/htt/raw/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276855/; classtype:trojan-activity;sid:84139955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276842)"; flow:established,from_client; content:"GET"; http_method; content:"/bodyblazexaa/dll/raw/main/xclient.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276842/; classtype:trojan-activity;sid:84139942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276844)"; flow:established,from_client; content:"GET"; http_method; content:"/babadura123/banana/raw/refs/heads/main/xclient.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276844/; classtype:trojan-activity;sid:84139944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276845)"; flow:established,from_client; content:"GET"; http_method; content:"/makslalp123/rakdj213/raw/master/xclient.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276845/; classtype:trojan-activity;sid:84139945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276846)"; flow:established,from_client; content:"GET"; http_method; content:"/helelehelafsdf163/batata/raw/refs/heads/main/xclient.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276846/; classtype:trojan-activity;sid:84139946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276847)"; flow:established,from_client; content:"GET"; http_method; content:"/smerttb2/xvpn/raw/main/xclient.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276847/; classtype:trojan-activity;sid:84139947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276848)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot1/raw/refs/heads/main/xclient.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276848/; classtype:trojan-activity;sid:84139948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276850)"; flow:established,from_client; content:"GET"; http_method; content:"/stezxyz/svchost.exe/raw/main/xclient.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276850/; classtype:trojan-activity;sid:84139950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276841)"; flow:established,from_client; content:"GET"; http_method; content:"/tubocdev/ratbuildpenis/raw/main/xclient.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276841/; classtype:trojan-activity;sid:84139941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276839)"; flow:established,from_client; content:"GET"; http_method; content:"/bodyblazexaa/dll/raw/main/xclient.exe/"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276839/; classtype:trojan-activity;sid:84139939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276833)"; flow:established,from_client; content:"GET"; http_method; content:"/makslalp123/rakdj213/raw/master/xclient.exe/"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276833/; classtype:trojan-activity;sid:84139933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276826)"; flow:established,from_client; content:"GET"; http_method; content:"/tubocdev/ratbuildpenis/raw/main/xclient.exe/"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276826/; classtype:trojan-activity;sid:84139926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276828)"; flow:established,from_client; content:"GET"; http_method; content:"/uspat/capybara_jar/raw/main/xclient.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276828/; classtype:trojan-activity;sid:84139928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276829)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot1/raw/refs/heads/main/xclient.exe/"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276829/; classtype:trojan-activity;sid:84139929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276830)"; flow:established,from_client; content:"GET"; http_method; content:"/smerttb2/xvpn/raw/main/xclient.exe/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276830/; classtype:trojan-activity;sid:84139930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276831)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/htt/raw/main/xclient.exe/"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276831/; classtype:trojan-activity;sid:84139931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276832)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/htt/main/xclient.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276832/; classtype:trojan-activity;sid:84139932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276824)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot2/raw/refs/heads/main/xclient.exe/"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276824/; classtype:trojan-activity;sid:84139924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276712)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gdn5yfjd.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276712/; classtype:trojan-activity;sid:84139812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276706)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/feb9sxwk.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276706/; classtype:trojan-activity;sid:84139806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276607)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/18ijuw13.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276607/; classtype:trojan-activity;sid:84139707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276414)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kmvcsaed.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276414/; classtype:trojan-activity;sid:84139514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276354)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/7777.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276354/; classtype:trojan-activity;sid:84139454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.163.170.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276226/; classtype:trojan-activity;sid:84139326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275784)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/myrdx.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275784/; classtype:trojan-activity;sid:84138884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275661)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1leawzinny0otn692olyowavbzv4iveup"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275661/; classtype:trojan-activity;sid:84138761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275662)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=16z2gvd5s8diouvqouq99hwjk2tfvmiwx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275662/; classtype:trojan-activity;sid:84138762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275658)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1-8qpzgr4-iis53p1-kr2-o6prrjmnksk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275658/; classtype:trojan-activity;sid:84138758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275657)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1huotbd1zjmnea4wg46v7jnontoz7cpfk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275657/; classtype:trojan-activity;sid:84138757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275656)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ubqrhziusgl-cn_nie2_udj4qi6qrqsw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275656/; classtype:trojan-activity;sid:84138756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275247)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=162fomrp1wzqrlitdgp2spt1ubzpwj5ox"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275247/; classtype:trojan-activity;sid:84138347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275240)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ikoxnnlvglh6jhnfqkrsihss_p2dqkyp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275240/; classtype:trojan-activity;sid:84138340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275241)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1r7oi2jekx0ks1wqpt0ms3_kqvukzy3dv"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275241/; classtype:trojan-activity;sid:84138341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274957/; classtype:trojan-activity;sid:84138057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.70.24.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274892/; classtype:trojan-activity;sid:84137992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.23.51.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274647/; classtype:trojan-activity;sid:84137747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.0.199.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274635/; classtype:trojan-activity;sid:84137735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.41.182.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274607/; classtype:trojan-activity;sid:84137707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.2.41.165"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274606/; classtype:trojan-activity;sid:84137706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.104.33.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274602/; classtype:trojan-activity;sid:84137702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.19.13.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274591/; classtype:trojan-activity;sid:84137691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274282)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274282/; classtype:trojan-activity;sid:84137382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274275)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274275/; classtype:trojan-activity;sid:84137375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274278)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274278/; classtype:trojan-activity;sid:84137378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274246)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274246/; classtype:trojan-activity;sid:84137346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274247)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274247/; classtype:trojan-activity;sid:84137347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274248)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274248/; classtype:trojan-activity;sid:84137348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274249)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274249/; classtype:trojan-activity;sid:84137349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274250)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274250/; classtype:trojan-activity;sid:84137350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274252)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274252/; classtype:trojan-activity;sid:84137352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274254)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274254/; classtype:trojan-activity;sid:84137354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274256)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274256/; classtype:trojan-activity;sid:84137356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274259)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274259/; classtype:trojan-activity;sid:84137359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274262)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274262/; classtype:trojan-activity;sid:84137362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274263)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274263/; classtype:trojan-activity;sid:84137363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274267)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274267/; classtype:trojan-activity;sid:84137367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274270)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274270/; classtype:trojan-activity;sid:84137370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274271)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274271/; classtype:trojan-activity;sid:84137371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274064)"; flow:established,from_client; content:"GET"; http_method; content:"/borisizdabezt/exitlag-hwid-spoofer/main/drv64.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274064/; classtype:trojan-activity;sid:84137164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274049)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/raw/main/spoofy.sys"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274049/; classtype:trojan-activity;sid:84137149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274046)"; flow:established,from_client; content:"GET"; http_method; content:"/skarsys/assaultcubecheat/main/spoofy.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274046/; classtype:trojan-activity;sid:84137146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274047)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/refs/heads/main/spoofy.sys"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274047/; classtype:trojan-activity;sid:84137147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274048)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/raw/refs/heads/main/spoofy.sys"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274048/; classtype:trojan-activity;sid:84137148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274002)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274002/; classtype:trojan-activity;sid:84137102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273981)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273981/; classtype:trojan-activity;sid:84137081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273982)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273982/; classtype:trojan-activity;sid:84137082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273983)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273983/; classtype:trojan-activity;sid:84137083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273984)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273984/; classtype:trojan-activity;sid:84137084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273987)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273987/; classtype:trojan-activity;sid:84137087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273989)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273989/; classtype:trojan-activity;sid:84137089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273990)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273990/; classtype:trojan-activity;sid:84137090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273994)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273994/; classtype:trojan-activity;sid:84137094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273996)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273996/; classtype:trojan-activity;sid:84137096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273997)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273997/; classtype:trojan-activity;sid:84137097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273998)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273998/; classtype:trojan-activity;sid:84137098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273999)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273999/; classtype:trojan-activity;sid:84137099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273949)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273949/; classtype:trojan-activity;sid:84137049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273941)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273941/; classtype:trojan-activity;sid:84137041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273934)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/ktyhpldea.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273934/; classtype:trojan-activity;sid:84137034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273935)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/ad/main/gestor%20de%20pedidos.apk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273935/; classtype:trojan-activity;sid:84137035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273936)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/-pril/refs/heads/main/pothjadwtrgh.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273936/; classtype:trojan-activity;sid:84137036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273937)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/ae/main/ready.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273937/; classtype:trojan-activity;sid:84137037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273925)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/ptihjawdthas.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273925/; classtype:trojan-activity;sid:84137025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273927)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/njrtdhadawt.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273927/; classtype:trojan-activity;sid:84137027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273928)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/ad/main/bb.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273928/; classtype:trojan-activity;sid:84137028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273930)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"download-winsdownload-wins.oss-cn-hangzhou.aliyuncs.com"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273930/; classtype:trojan-activity;sid:84137030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273931)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/ad/main/ready.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273931/; classtype:trojan-activity;sid:84137031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273933)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/-pril/raw/refs/heads/main/pothjadwtrgh.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273933/; classtype:trojan-activity;sid:84137033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273911)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273911/; classtype:trojan-activity;sid:84137011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273912)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273912/; classtype:trojan-activity;sid:84137012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273913)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273913/; classtype:trojan-activity;sid:84137013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273914)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273914/; classtype:trojan-activity;sid:84137014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273915)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273915/; classtype:trojan-activity;sid:84137015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273907)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273907/; classtype:trojan-activity;sid:84137007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273908)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273908/; classtype:trojan-activity;sid:84137008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273909)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273909/; classtype:trojan-activity;sid:84137009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273906)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273906/; classtype:trojan-activity;sid:84137006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273903)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273903/; classtype:trojan-activity;sid:84137003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273888)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273888/; classtype:trojan-activity;sid:84136988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273889)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273889/; classtype:trojan-activity;sid:84136989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273868)"; flow:established,from_client; content:"GET"; http_method; content:"/download/telegram.apk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"telegramcn.co"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273868/; classtype:trojan-activity;sid:84136968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273408)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ldqj18tn.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273408/; classtype:trojan-activity;sid:84136508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273406)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build555.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273406/; classtype:trojan-activity;sid:84136506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273407)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/psfei0ez.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273407/; classtype:trojan-activity;sid:84136507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273403)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/installer.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273403/; classtype:trojan-activity;sid:84136503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273398)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build11.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273398/; classtype:trojan-activity;sid:84136498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273314)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/123.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273314/; classtype:trojan-activity;sid:84136414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273308)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/87f3f2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273308/; classtype:trojan-activity;sid:84136408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273161)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/hhnjqu9y.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273161/; classtype:trojan-activity;sid:84136261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273148)"; flow:established,from_client; content:"GET"; http_method; content:"/store/vidar.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273148/; classtype:trojan-activity;sid:84136248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273145)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lespim"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273145/; classtype:trojan-activity;sid:84136245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273146)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/k86m"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273146/; classtype:trojan-activity;sid:84136246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273143)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/686i"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273143/; classtype:trojan-activity;sid:84136243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273144)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spim"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273144/; classtype:trojan-activity;sid:84136244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273131)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273131/; classtype:trojan-activity;sid:84136231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272384)"; flow:established,from_client; content:"GET"; http_method; content:"/lee.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"101.133.156.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272384/; classtype:trojan-activity;sid:84135484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272262)"; flow:established,from_client; content:"GET"; http_method; content:"/we.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.133.156.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272262/; classtype:trojan-activity;sid:84135362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272091)"; flow:established,from_client; content:"GET"; http_method; content:"/marcin2123/jjsploit/raw/refs/heads/main/jjsploit_8.10.7_x64-setup.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272091/; classtype:trojan-activity;sid:84135191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272092)"; flow:established,from_client; content:"GET"; http_method; content:"/ordogos2/g575/releases/download/download/setup.7.0.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272092/; classtype:trojan-activity;sid:84135192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272093)"; flow:established,from_client; content:"GET"; http_method; content:"/kookspook24/ovix-gta-5-mod-menu-updated/releases/download/ovix-mod-menu/launcher.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272093/; classtype:trojan-activity;sid:84135193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272094)"; flow:established,from_client; content:"GET"; http_method; content:"/marcin2123/jjsploit/refs/heads/main/jjsploit_8.10.7_x64-setup.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272094/; classtype:trojan-activity;sid:84135194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272090)"; flow:established,from_client; content:"GET"; http_method; content:"/marcin2123/jjsploit/refs/heads/main/file_jjsploit"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272090/; classtype:trojan-activity;sid:84135190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272071)"; flow:established,from_client; content:"GET"; http_method; content:"/_files/archives/3a0432_20f7bb04cf594d18b1df2c723ba97835.zip|3f|dn=!%20chromer%20updaters.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"www.rphingenieria.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272071/; classtype:trojan-activity;sid:84135171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272008)"; flow:established,from_client; content:"GET"; http_method; content:"/c3pool7.bat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"c3poolbat.oss-accelerate.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272008/; classtype:trojan-activity;sid:84135108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272005)"; flow:established,from_client; content:"GET"; http_method; content:"/autoc3pool.bat"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c3poolbat.oss-accelerate.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272005/; classtype:trojan-activity;sid:84135105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271922)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/injector.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271922/; classtype:trojan-activity;sid:84135022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271923)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/injectorold.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271923/; classtype:trojan-activity;sid:84135023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271924)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/driver.sys"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271924/; classtype:trojan-activity;sid:84135024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271925)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/loader.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271925/; classtype:trojan-activity;sid:84135025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271919)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/ogfn%20updater.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271919/; classtype:trojan-activity;sid:84135019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271920)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/pclient.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271920/; classtype:trojan-activity;sid:84135020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271921)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/kdmapper_release.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271921/; classtype:trojan-activity;sid:84135021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271910)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm7/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271910/; classtype:trojan-activity;sid:84135010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271694)"; flow:established,from_client; content:"GET"; http_method; content:"/rlaz.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271694/; classtype:trojan-activity;sid:84134794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271693)"; flow:established,from_client; content:"GET"; http_method; content:"/checkypc.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"123.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271693/; classtype:trojan-activity;sid:84134793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271692)"; flow:established,from_client; content:"GET"; http_method; content:"/vc17x64.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271692/; classtype:trojan-activity;sid:84134792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271691)"; flow:established,from_client; content:"GET"; http_method; content:"/pchunter64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271691/; classtype:trojan-activity;sid:84134791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271690)"; flow:established,from_client; content:"GET"; http_method; content:"/remotelyanywhere11.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271690/; classtype:trojan-activity;sid:84134790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271687)"; flow:established,from_client; content:"GET"; http_method; content:"/rlol.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271687/; classtype:trojan-activity;sid:84134787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271688)"; flow:established,from_client; content:"GET"; http_method; content:"/clean.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271688/; classtype:trojan-activity;sid:84134788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271689)"; flow:established,from_client; content:"GET"; http_method; content:"/pm3100.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271689/; classtype:trojan-activity;sid:84134789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271686)"; flow:established,from_client; content:"GET"; http_method; content:"/qwsrv3.3.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271686/; classtype:trojan-activity;sid:84134786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271681)"; flow:established,from_client; content:"GET"; http_method; content:"/x210.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271681/; classtype:trojan-activity;sid:84134781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271683)"; flow:established,from_client; content:"GET"; http_method; content:"/ydcx.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271683/; classtype:trojan-activity;sid:84134783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271684)"; flow:established,from_client; content:"GET"; http_method; content:"/smb.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271684/; classtype:trojan-activity;sid:84134784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271685)"; flow:established,from_client; content:"GET"; http_method; content:"/kb2808679x64.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271685/; classtype:trojan-activity;sid:84134785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271678)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271678/; classtype:trojan-activity;sid:84134778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271679)"; flow:established,from_client; content:"GET"; http_method; content:"/rlpb15.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271679/; classtype:trojan-activity;sid:84134779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271680)"; flow:established,from_client; content:"GET"; http_method; content:"/hydkj.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271680/; classtype:trojan-activity;sid:84134780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271675)"; flow:established,from_client; content:"GET"; http_method; content:"/autoruns.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271675/; classtype:trojan-activity;sid:84134775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271676)"; flow:established,from_client; content:"GET"; http_method; content:"/xwwn.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271676/; classtype:trojan-activity;sid:84134776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271677)"; flow:established,from_client; content:"GET"; http_method; content:"/wbgjupdate.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271677/; classtype:trojan-activity;sid:84134777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271674)"; flow:established,from_client; content:"GET"; http_method; content:"/sgn.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271674/; classtype:trojan-activity;sid:84134774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271670)"; flow:established,from_client; content:"GET"; http_method; content:"/wgupdate.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271670/; classtype:trojan-activity;sid:84134770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271671)"; flow:established,from_client; content:"GET"; http_method; content:"/msbd.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271671/; classtype:trojan-activity;sid:84134771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271672)"; flow:established,from_client; content:"GET"; http_method; content:"/hdtune.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271672/; classtype:trojan-activity;sid:84134772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271669)"; flow:established,from_client; content:"GET"; http_method; content:"/fping.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ywxww.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271669/; classtype:trojan-activity;sid:84134769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271668)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271668/; classtype:trojan-activity;sid:84134768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271664)"; flow:established,from_client; content:"GET"; http_method; content:"/wblog.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271664/; classtype:trojan-activity;sid:84134764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271665)"; flow:established,from_client; content:"GET"; http_method; content:"/xww.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271665/; classtype:trojan-activity;sid:84134765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271666)"; flow:established,from_client; content:"GET"; http_method; content:"/steam.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271666/; classtype:trojan-activity;sid:84134766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271661)"; flow:established,from_client; content:"GET"; http_method; content:"/xwwupdate.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271661/; classtype:trojan-activity;sid:84134761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271662)"; flow:established,from_client; content:"GET"; http_method; content:"/zwywupdate.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ywxww.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271662/; classtype:trojan-activity;sid:84134762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271663)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"123.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271663/; classtype:trojan-activity;sid:84134763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271655)"; flow:established,from_client; content:"GET"; http_method; content:"/bxn.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271655/; classtype:trojan-activity;sid:84134755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271658)"; flow:established,from_client; content:"GET"; http_method; content:"/sgupdate.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271658/; classtype:trojan-activity;sid:84134758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271659)"; flow:established,from_client; content:"GET"; http_method; content:"/cpie.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271659/; classtype:trojan-activity;sid:84134759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271652)"; flow:established,from_client; content:"GET"; http_method; content:"/wgn.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271652/; classtype:trojan-activity;sid:84134752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271653)"; flow:established,from_client; content:"GET"; http_method; content:"/wljc.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271653/; classtype:trojan-activity;sid:84134753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271651)"; flow:established,from_client; content:"GET"; http_method; content:"/wbgjn.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271651/; classtype:trojan-activity;sid:84134751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271642)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271642/; classtype:trojan-activity;sid:84134742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271634)"; flow:established,from_client; content:"GET"; http_method; content:"/undertalanted/mod/refs/heads/main/svchost.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271634/; classtype:trojan-activity;sid:84134734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271633)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a12xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271633/; classtype:trojan-activity;sid:84134733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271632)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a18qqq1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271632/; classtype:trojan-activity;sid:84134732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271630)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a23uuu1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271630/; classtype:trojan-activity;sid:84134730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271631)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a19ccc1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271631/; classtype:trojan-activity;sid:84134731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271626)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/tempspooferxx/raw/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271626/; classtype:trojan-activity;sid:84134726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271627)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/sigma-nonrat/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271627/; classtype:trojan-activity;sid:84134727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271628)"; flow:established,from_client; content:"GET"; http_method; content:"/furystorage/api/raw/main/svchost.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271628/; classtype:trojan-activity;sid:84134728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271629)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a15aaa1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271629/; classtype:trojan-activity;sid:84134729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271624)"; flow:established,from_client; content:"GET"; http_method; content:"/sdifru877234/ilu123g5/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271624/; classtype:trojan-activity;sid:84134724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271618)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"122.51.183.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271618/; classtype:trojan-activity;sid:84134718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271617)"; flow:established,from_client; content:"GET"; http_method; content:"/regolx1/hadb/refs/heads/main/svchost.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271617/; classtype:trojan-activity;sid:84134717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271615)"; flow:established,from_client; content:"GET"; http_method; content:"/stezxyz/svchost.exe/main/client-built.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271615/; classtype:trojan-activity;sid:84134715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271614)"; flow:established,from_client; content:"GET"; http_method; content:"/chokopie333/doom/main/svchost.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271614/; classtype:trojan-activity;sid:84134714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271612)"; flow:established,from_client; content:"GET"; http_method; content:"/artem674118/erterytry/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271612/; classtype:trojan-activity;sid:84134712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271613)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/sigma-nonrat/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271613/; classtype:trojan-activity;sid:84134713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271608)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/tempspooferxx/main/svchost.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271608/; classtype:trojan-activity;sid:84134708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271609)"; flow:established,from_client; content:"GET"; http_method; content:"/morgantaraum/automatic-octo-barnacle/refs/heads/main/svchost.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271609/; classtype:trojan-activity;sid:84134709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271610)"; flow:established,from_client; content:"GET"; http_method; content:"/media/furystorage/api/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"media.githubusercontent.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271610/; classtype:trojan-activity;sid:84134710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271611)"; flow:established,from_client; content:"GET"; http_method; content:"/zodiac1616/test/refs/heads/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271611/; classtype:trojan-activity;sid:84134711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271605)"; flow:established,from_client; content:"GET"; http_method; content:"/sdifru877234/ilu123g5/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271605/; classtype:trojan-activity;sid:84134705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271602)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a12xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271602/; classtype:trojan-activity;sid:84134702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271603)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a19ccc1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271603/; classtype:trojan-activity;sid:84134703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271604)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a18qqq1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271604/; classtype:trojan-activity;sid:84134704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271601)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a23uuu1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271601/; classtype:trojan-activity;sid:84134701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271599)"; flow:established,from_client; content:"GET"; http_method; content:"/user337666/brow666/raw/main/svchost.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271599/; classtype:trojan-activity;sid:84134699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271597)"; flow:established,from_client; content:"GET"; http_method; content:"/thomson101/thomson101/releases/download/role/svchost.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271597/; classtype:trojan-activity;sid:84134697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271598)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a15aaa1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271598/; classtype:trojan-activity;sid:84134698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271591)"; flow:established,from_client; content:"GET"; http_method; content:"/furystorage/api/raw/main/svchost.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271591/; classtype:trojan-activity;sid:84134691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271592)"; flow:established,from_client; content:"GET"; http_method; content:"/692-ez/ratta/raw/refs/heads/main/svchost.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271592/; classtype:trojan-activity;sid:84134692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271593)"; flow:established,from_client; content:"GET"; http_method; content:"/stezxyz/svchost.exe/raw/main/client-built.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271593/; classtype:trojan-activity;sid:84134693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271594)"; flow:established,from_client; content:"GET"; http_method; content:"/artem674118/erterytry/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271594/; classtype:trojan-activity;sid:84134694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271595)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/tempspooferxx/raw/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271595/; classtype:trojan-activity;sid:84134695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271596)"; flow:established,from_client; content:"GET"; http_method; content:"/heresfilly09-9/fornova/raw/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271596/; classtype:trojan-activity;sid:84134696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271585)"; flow:established,from_client; content:"GET"; http_method; content:"/stezxyz/svchost.exe/raw/main/xclient.exe/"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271585/; classtype:trojan-activity;sid:84134685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271586)"; flow:established,from_client; content:"GET"; http_method; content:"/chokopie333/doom/raw/main/svchost.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271586/; classtype:trojan-activity;sid:84134686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271587)"; flow:established,from_client; content:"GET"; http_method; content:"/morgantaraum/automatic-octo-barnacle/raw/refs/heads/main/svchost.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271587/; classtype:trojan-activity;sid:84134687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271588)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/sigma-nonrat/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271588/; classtype:trojan-activity;sid:84134688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271589)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/sigma-nonrat/raw/main/svchost.exe/"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271589/; classtype:trojan-activity;sid:84134689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271590)"; flow:established,from_client; content:"GET"; http_method; content:"/zodiac1616/test/raw/refs/heads/main/svchost.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271590/; classtype:trojan-activity;sid:84134690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271579)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0niums/repo/raw/refs/heads/main/nvidia.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271579/; classtype:trojan-activity;sid:84134679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.71.85.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271567/; classtype:trojan-activity;sid:84134667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.71.85.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271489/; classtype:trojan-activity;sid:84134589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271366)"; flow:established,from_client; content:"GET"; http_method; content:"/zzrevva1/osu-maple/refs/heads/main/extremeinjector.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271366/; classtype:trojan-activity;sid:84134466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271369)"; flow:established,from_client; content:"GET"; http_method; content:"/zzrevva1/osu-maple/raw/refs/heads/main/extremeinjector.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271369/; classtype:trojan-activity;sid:84134469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271370)"; flow:established,from_client; content:"GET"; http_method; content:"/stressedb/redengine/main/loader.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271370/; classtype:trojan-activity;sid:84134470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271290)"; flow:established,from_client; content:"GET"; http_method; content:"/-/project/21762009/uploads/c4f32a8d91f0b95a33e7d8a2715f2c1c/slunkcrypt.2024-06-08.windows.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271290/; classtype:trojan-activity;sid:84134390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271206)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/blader-4f96f.appspot.com/o/rem251.txt|3f|alt=media|7c|26|7c|token=c0f99eb2-2f4d-4b6b-8bb6-bdb0e353c395"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271206/; classtype:trojan-activity;sid:84134306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271172)"; flow:established,from_client; content:"GET"; http_method; content:"/aboriginal/downloads/binaries/cross-compiler-m68k.tar.gz"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"landley.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271172/; classtype:trojan-activity;sid:84134272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271005)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/yxrd0ob7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271005/; classtype:trojan-activity;sid:84134105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270748)"; flow:established,from_client; content:"GET"; http_method; content:"/abc3.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270748/; classtype:trojan-activity;sid:84133848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270746)"; flow:established,from_client; content:"GET"; http_method; content:"/abc1.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270746/; classtype:trojan-activity;sid:84133846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270744)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270744/; classtype:trojan-activity;sid:84133844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270741)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270741/; classtype:trojan-activity;sid:84133841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270605)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.arc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270605/; classtype:trojan-activity;sid:84133705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270200)"; flow:established,from_client; content:"GET"; http_method; content:"/c3pool/winring0x64.sys"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"c3poolbat2.oss-ap-northeast-1.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270200/; classtype:trojan-activity;sid:84133300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270198)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/edadf5dc5ec04c578e24f68006fad2b4.sys"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270198/; classtype:trojan-activity;sid:84133298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270196)"; flow:established,from_client; content:"GET"; http_method; content:"/novocrm/static/winring0x64.sys"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"118.189.172.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270196/; classtype:trojan-activity;sid:84133296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270193)"; flow:established,from_client; content:"GET"; http_method; content:"/miguel-b-p/..../raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270193/; classtype:trojan-activity;sid:84133293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270185)"; flow:established,from_client; content:"GET"; http_method; content:"/silenthashik/winring/raw/main/winring0x64.sys"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270185/; classtype:trojan-activity;sid:84133285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270186)"; flow:established,from_client; content:"GET"; http_method; content:"/hak333444/xmrig/raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270186/; classtype:trojan-activity;sid:84133286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270187)"; flow:established,from_client; content:"GET"; http_method; content:"/irusanov/zenstates-core/raw/master/winring0x64.sys"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270187/; classtype:trojan-activity;sid:84133287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270188)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/blob/master/bin/winring0/winring0x64.sys|3f|raw=true"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270188/; classtype:trojan-activity;sid:84133288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270189)"; flow:established,from_client; content:"GET"; http_method; content:"/so251/olaquerida/releases/download/1releasae/winring0x64.sys"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270189/; classtype:trojan-activity;sid:84133289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270190)"; flow:established,from_client; content:"GET"; http_method; content:"/winring0x64.sys"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mymin11.oss-cn-hangzhou.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270190/; classtype:trojan-activity;sid:84133290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270191)"; flow:established,from_client; content:"GET"; http_method; content:"/jsjsjsc79/advsd/raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270191/; classtype:trojan-activity;sid:84133291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270192)"; flow:established,from_client; content:"GET"; http_method; content:"/stickmengamer/idk/raw/main/winring0x64.sys"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270192/; classtype:trojan-activity;sid:84133292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270183)"; flow:established,from_client; content:"GET"; http_method; content:"/sopranotech/dimeo/main/winring0x64.sys"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270183/; classtype:trojan-activity;sid:84133283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270184)"; flow:established,from_client; content:"GET"; http_method; content:"/abrissyy/min/main/winring0x64.sys"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270184/; classtype:trojan-activity;sid:84133284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270080)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/j86piuq9.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270080/; classtype:trojan-activity;sid:84133180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270079)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bwapp.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270079/; classtype:trojan-activity;sid:84133179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270077)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/0b44ippu.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270077/; classtype:trojan-activity;sid:84133177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270078)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5gevcp8z.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270078/; classtype:trojan-activity;sid:84133178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270075)"; flow:established,from_client; content:"GET"; http_method; content:"/store/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270075/; classtype:trojan-activity;sid:84133175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270076)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/chicken123.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270076/; classtype:trojan-activity;sid:84133176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270073)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dsds.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270073/; classtype:trojan-activity;sid:84133173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270074)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/final.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270074/; classtype:trojan-activity;sid:84133174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270072)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xyaw4fkp.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270072/; classtype:trojan-activity;sid:84133172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270070)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/setup8.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270070/; classtype:trojan-activity;sid:84133170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270071)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/golden.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270071/; classtype:trojan-activity;sid:84133171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270069)"; flow:established,from_client; content:"GET"; http_method; content:"/test/do.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270069/; classtype:trojan-activity;sid:84133169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270055)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/q1wnx5ir.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270055/; classtype:trojan-activity;sid:84133155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270056)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kp8dnpa9.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270056/; classtype:trojan-activity;sid:84133156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270057)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zts.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270057/; classtype:trojan-activity;sid:84133157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270052)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/h5a71wdy.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270052/; classtype:trojan-activity;sid:84133152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269954)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/tn8cdkzn.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269954/; classtype:trojan-activity;sid:84133054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269837)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/v7wa24td.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269837/; classtype:trojan-activity;sid:84132937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269831)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/new_v8.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269831/; classtype:trojan-activity;sid:84132931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269827)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rdx123456.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269827/; classtype:trojan-activity;sid:84132927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269828)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gold1234.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269828/; classtype:trojan-activity;sid:84132928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269829)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269829/; classtype:trojan-activity;sid:84132929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269824)"; flow:established,from_client; content:"GET"; http_method; content:"/babadura123/banana/refs/heads/main/xclient.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269824/; classtype:trojan-activity;sid:84132924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269823)"; flow:established,from_client; content:"GET"; http_method; content:"/xclient543/upgraded-sniffle/main/xclient.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269823/; classtype:trojan-activity;sid:84132923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269816)"; flow:established,from_client; content:"GET"; http_method; content:"/uspat/capybara_jar/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269816/; classtype:trojan-activity;sid:84132916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269817)"; flow:established,from_client; content:"GET"; http_method; content:"/uspat/cripting/main/xclient.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269817/; classtype:trojan-activity;sid:84132917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269818)"; flow:established,from_client; content:"GET"; http_method; content:"/smerttb2/xvpn/raw/main/xclient.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269818/; classtype:trojan-activity;sid:84132918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269819)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot1/refs/heads/main/xclient.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269819/; classtype:trojan-activity;sid:84132919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269820)"; flow:established,from_client; content:"GET"; http_method; content:"/uspat/capybara_jar/raw/main/xclient.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269820/; classtype:trojan-activity;sid:84132920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269821)"; flow:established,from_client; content:"GET"; http_method; content:"/tubocdev/ratbuildpenis/raw/main/xclient.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269821/; classtype:trojan-activity;sid:84132921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269822)"; flow:established,from_client; content:"GET"; http_method; content:"/babadura123/banana/raw/refs/heads/main/xclient.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269822/; classtype:trojan-activity;sid:84132922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269788)"; flow:established,from_client; content:"GET"; http_method; content:"/makslalp123/rakdj213/master/xclient.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269788/; classtype:trojan-activity;sid:84132888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269789)"; flow:established,from_client; content:"GET"; http_method; content:"/framzzzzz/dont-use/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269789/; classtype:trojan-activity;sid:84132889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269790)"; flow:established,from_client; content:"GET"; http_method; content:"/stezxyz/svchost.exe/main/xclient.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269790/; classtype:trojan-activity;sid:84132890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269791)"; flow:established,from_client; content:"GET"; http_method; content:"/stezxyz/svchost.exe/raw/main/xclient.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269791/; classtype:trojan-activity;sid:84132891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269792)"; flow:established,from_client; content:"GET"; http_method; content:"/bodyblazexaa/dll/main/xclient.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269792/; classtype:trojan-activity;sid:84132892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269795)"; flow:established,from_client; content:"GET"; http_method; content:"/makslalp123/rakdj213/raw/master/xclient.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269795/; classtype:trojan-activity;sid:84132895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269796)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot2/raw/refs/heads/main/xclient.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269796/; classtype:trojan-activity;sid:84132896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269798)"; flow:established,from_client; content:"GET"; http_method; content:"/u6iko/do5a/raw/main/xclient.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269798/; classtype:trojan-activity;sid:84132898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269800)"; flow:established,from_client; content:"GET"; http_method; content:"/helelehelafsdf163/batata/refs/heads/main/xclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269800/; classtype:trojan-activity;sid:84132900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269802)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot2/refs/heads/main/xclient.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269802/; classtype:trojan-activity;sid:84132902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269803)"; flow:established,from_client; content:"GET"; http_method; content:"/abdulah345/pizdaporc/raw/refs/heads/main/xclient.exe/"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269803/; classtype:trojan-activity;sid:84132903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269804)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/-/raw/main/xclient.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269804/; classtype:trojan-activity;sid:84132904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269807)"; flow:established,from_client; content:"GET"; http_method; content:"/smerttb2/xvpn/main/xclient.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269807/; classtype:trojan-activity;sid:84132907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269808)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/-/main/xclient.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269808/; classtype:trojan-activity;sid:84132908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269809)"; flow:established,from_client; content:"GET"; http_method; content:"/bodyblazexaa/dll/raw/main/xclient.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269809/; classtype:trojan-activity;sid:84132909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269810)"; flow:established,from_client; content:"GET"; http_method; content:"/helelehelafsdf163/batata/raw/refs/heads/main/xclient.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269810/; classtype:trojan-activity;sid:84132910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269811)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot1/raw/refs/heads/main/xclient.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269811/; classtype:trojan-activity;sid:84132911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269812)"; flow:established,from_client; content:"GET"; http_method; content:"/tubocdev/ratbuildpenis/main/xclient.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269812/; classtype:trojan-activity;sid:84132912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269813)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/htt/raw/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269813/; classtype:trojan-activity;sid:84132913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269785)"; flow:established,from_client; content:"GET"; http_method; content:"/abdulah345/pizdaporc/raw/refs/heads/main/xclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269785/; classtype:trojan-activity;sid:84132885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269786)"; flow:established,from_client; content:"GET"; http_method; content:"/abdulah345/pizdaporc/refs/heads/main/xclient.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269786/; classtype:trojan-activity;sid:84132886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269787)"; flow:established,from_client; content:"GET"; http_method; content:"/u6iko/do5a/raw/main/xclient.exe/"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269787/; classtype:trojan-activity;sid:84132887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269768)"; flow:established,from_client; content:"GET"; http_method; content:"/crysiz2631/xworm-3.1/zip/refs/heads/main"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269768/; classtype:trojan-activity;sid:84132868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269766)"; flow:established,from_client; content:"GET"; http_method; content:"/trafisg/xworm-5.2-/zip/refs/heads/main"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269766/; classtype:trojan-activity;sid:84132866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269763)"; flow:established,from_client; content:"GET"; http_method; content:"/peszok/xworm-remote-access-tool/refs/heads/main/xworm.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269763/; classtype:trojan-activity;sid:84132863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269762)"; flow:established,from_client; content:"GET"; http_method; content:"/jpntr/xworm-v5.2/zip/refs/heads/main"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269762/; classtype:trojan-activity;sid:84132862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269757)"; flow:established,from_client; content:"GET"; http_method; content:"/smokeloader/xworm-v5.3/releases/download/xworm/xworm.v5.3.optimized.bin.7z"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269757/; classtype:trojan-activity;sid:84132857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269756)"; flow:established,from_client; content:"GET"; http_method; content:"/peszok/xworm-remote-access-tool/releases/download/v5.0/xworm.rar/"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269756/; classtype:trojan-activity;sid:84132856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269750)"; flow:established,from_client; content:"GET"; http_method; content:"/gv1rygit/xworm-v5.2/raw/refs/heads/main/xsploitlauncher.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269750/; classtype:trojan-activity;sid:84132850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269751)"; flow:established,from_client; content:"GET"; http_method; content:"/gv1rygit/xworm-v5.2/raw/refs/heads/main/xsploitlauncher.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269751/; classtype:trojan-activity;sid:84132851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269752)"; flow:established,from_client; content:"GET"; http_method; content:"/peszok/xworm-remote-access-tool/releases/download/v5.0/xworm.rar"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269752/; classtype:trojan-activity;sid:84132852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269748)"; flow:established,from_client; content:"GET"; http_method; content:"/peszok/xworm-remote-access-tool/blob/main/xworm.exe|3f|raw=true"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269748/; classtype:trojan-activity;sid:84132848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269740)"; flow:established,from_client; content:"GET"; http_method; content:"/gv1rygit/xworm-v5.2/refs/heads/main/xsploitlauncher.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269740/; classtype:trojan-activity;sid:84132840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269741)"; flow:established,from_client; content:"GET"; http_method; content:"/peszok/xworm-remote-access-tool/releases/download/v5.0/xworm.rar/"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269741/; classtype:trojan-activity;sid:84132841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269738)"; flow:established,from_client; content:"GET"; http_method; content:"/peszok/xworm-remote-access-tool/raw/main/xworm.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269738/; classtype:trojan-activity;sid:84132838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269715)"; flow:established,from_client; content:"GET"; http_method; content:"/sqrtzeroknowledge/xworm-trojan/archive/refs/heads/main.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269715/; classtype:trojan-activity;sid:84132815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269722)"; flow:established,from_client; content:"GET"; http_method; content:"/gv1rygit/xworm-v5.2/refs/heads/main/xsploitlauncher.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269722/; classtype:trojan-activity;sid:84132822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269633)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"utorrent-backup-server.top"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269633/; classtype:trojan-activity;sid:84132733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269628)"; flow:established,from_client; content:"GET"; http_method; content:"/1337/torrentold-1.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"utorrent-servers.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269628/; classtype:trojan-activity;sid:84132728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269624)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"microsoft-auth-network.cc"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269624/; classtype:trojan-activity;sid:84132724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269617)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.243.23.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269617/; classtype:trojan-activity;sid:84132717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269616)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"125.124.96.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269616/; classtype:trojan-activity;sid:84132716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268242/; classtype:trojan-activity;sid:84131342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266625)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/refs/heads/main/khtoawdltrha.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266625/; classtype:trojan-activity;sid:84129725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266609)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/khtoawdltrha.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266609/; classtype:trojan-activity;sid:84129709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266091)"; flow:established,from_client; content:"GET"; http_method; content:"/abdulah345/pizdaporc/raw/refs/heads/main/xclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266091/; classtype:trojan-activity;sid:84129191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265958)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uzjwtbh4hcs9i060hwf08hrnymnodugn"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265958/; classtype:trojan-activity;sid:84129058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265884)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted25.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265884/; classtype:trojan-activity;sid:84128984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265708/; classtype:trojan-activity;sid:84128808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265196)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.92.19.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265196/; classtype:trojan-activity;sid:84128296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265182)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.108.142.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265182/; classtype:trojan-activity;sid:84128282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265174)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.70.0.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265174/; classtype:trojan-activity;sid:84128274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258049)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/rcm_dcdedkd.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258049/; classtype:trojan-activity;sid:84121149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258050)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/rcf_omfnorh.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258050/; classtype:trojan-activity;sid:84121150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258052)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/fffaemf.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258052/; classtype:trojan-activity;sid:84121152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258053)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/rooahio.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258053/; classtype:trojan-activity;sid:84121153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258054)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/araofkh.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258054/; classtype:trojan-activity;sid:84121154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258055)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/oahinkn.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258055/; classtype:trojan-activity;sid:84121155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258045)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/asy_dffaaep.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258045/; classtype:trojan-activity;sid:84121145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258046)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/iksjbpj.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258046/; classtype:trojan-activity;sid:84121146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258047)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/jaadkfh.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258047/; classtype:trojan-activity;sid:84121147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258048)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/bkpmdom.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258048/; classtype:trojan-activity;sid:84121148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258044)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/igapsme.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258044/; classtype:trojan-activity;sid:84121144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258042)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/domcfbs.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258042/; classtype:trojan-activity;sid:84121142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258043)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/krkmakc.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258043/; classtype:trojan-activity;sid:84121143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258034)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/xwmm_aakkhbm.txt"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258034/; classtype:trojan-activity;sid:84121134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258033)"; flow:established,from_client; content:"GET"; http_method; content:"/ijeuwaesika/nna/refs/heads/main/ifiinms.txt"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258033/; classtype:trojan-activity;sid:84121133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258032)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/apfjrdf.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258032/; classtype:trojan-activity;sid:84121132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258029)"; flow:established,from_client; content:"GET"; http_method; content:"/javamagazine/magdownloads/downloads/utilities-windowtimer-ptimer.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258029/; classtype:trojan-activity;sid:84121129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257637)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/ab/f3.txt"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257637/; classtype:trojan-activity;sid:84120737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257483)"; flow:established,from_client; content:"GET"; http_method; content:"/data/javaw/winring0x64.sys"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"shangmei-test.oss-cn-beijing.aliyuncs.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257483/; classtype:trojan-activity;sid:84120583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255220)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zxcv.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255220/; classtype:trojan-activity;sid:84118320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255222)"; flow:established,from_client; content:"GET"; http_method; content:"/lumma/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255222/; classtype:trojan-activity;sid:84118322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.233.48.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254671/; classtype:trojan-activity;sid:84117771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254248)"; flow:established,from_client; content:"GET"; http_method; content:"/kdot227/pythonpathfixer/main/main.ps1"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254248/; classtype:trojan-activity;sid:84117348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254247)"; flow:established,from_client; content:"GET"; http_method; content:"/43a1723/test/refs/heads/main/shellcode/loaderclient.ps1"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254247/; classtype:trojan-activity;sid:84117347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254229)"; flow:established,from_client; content:"GET"; http_method; content:"/43a1723/test/releases/download/siu/stub.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254229/; classtype:trojan-activity;sid:84117329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254228)"; flow:established,from_client; content:"GET"; http_method; content:"/kdot227/somalifuscator/archive/refs/heads/main.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254228/; classtype:trojan-activity;sid:84117328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254226)"; flow:established,from_client; content:"GET"; http_method; content:"/proxyonly/www/raw/main/security.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254226/; classtype:trojan-activity;sid:84117326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254223)"; flow:established,from_client; content:"GET"; http_method; content:"/u6iko/do5a/raw/main/xclient.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254223/; classtype:trojan-activity;sid:84117323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254224)"; flow:established,from_client; content:"GET"; http_method; content:"/unblockedgames2/school-shit/raw/main/fuag.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254224/; classtype:trojan-activity;sid:84117324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254222)"; flow:established,from_client; content:"GET"; http_method; content:"/robloxdev1223/requirements/raw/main/requirements.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254222/; classtype:trojan-activity;sid:84117322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254220)"; flow:established,from_client; content:"GET"; http_method; content:"/cfedss/e/raw/refs/heads/main/powershell.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254220/; classtype:trojan-activity;sid:84117320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254039)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254039/; classtype:trojan-activity;sid:84117139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254029)"; flow:established,from_client; content:"GET"; http_method; content:"/2512365123/dk.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.208.158.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254029/; classtype:trojan-activity;sid:84117129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.249.236.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253392/; classtype:trojan-activity;sid:84116492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.249.236.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253376/; classtype:trojan-activity;sid:84116476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253356)"; flow:established,from_client; content:"GET"; http_method; content:"/adapt/cabbage"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"javierlopez.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253356/; classtype:trojan-activity;sid:84116456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253354)"; flow:established,from_client; content:"GET"; http_method; content:"/adapt/kingdom"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"javierlopez.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253354/; classtype:trojan-activity;sid:84116454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253057)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.249.236.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253057/; classtype:trojan-activity;sid:84116157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252991)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.100.63.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252991/; classtype:trojan-activity;sid:84116091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252970)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.210.236.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252970/; classtype:trojan-activity;sid:84116070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252640)"; flow:established,from_client; content:"GET"; http_method; content:"/phantompeek/ps/refs/heads/main/ps.bin"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252640/; classtype:trojan-activity;sid:84115740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252637)"; flow:established,from_client; content:"GET"; http_method; content:"/razidvb/myfiles/refs/heads/main/loader.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252637/; classtype:trojan-activity;sid:84115737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252639)"; flow:established,from_client; content:"GET"; http_method; content:"/zefordk/ikeya/refs/heads/main/shellcodeany.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252639/; classtype:trojan-activity;sid:84115739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252635)"; flow:established,from_client; content:"GET"; http_method; content:"/phantompeek/ps/raw/refs/heads/main/ps.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252635/; classtype:trojan-activity;sid:84115735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252632)"; flow:established,from_client; content:"GET"; http_method; content:"/zefordk/ikeya/raw/refs/heads/main/shellcodeany.bin"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252632/; classtype:trojan-activity;sid:84115732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252634)"; flow:established,from_client; content:"GET"; http_method; content:"/razidvb/myfiles/raw/refs/heads/main/loader.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252634/; classtype:trojan-activity;sid:84115734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252630)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17267811/stm.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252630/; classtype:trojan-activity;sid:84115730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252488)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/ksdeuf/refs/heads/main/mipsel"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252488/; classtype:trojan-activity;sid:84115588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252485)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/ksdeuf/refs/heads/main/mips"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252485/; classtype:trojan-activity;sid:84115585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252486)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/refs/heads/main/armv7l"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252486/; classtype:trojan-activity;sid:84115586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252487)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/ksdeuf/refs/heads/main/animma.sh"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252487/; classtype:trojan-activity;sid:84115587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251535)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.45.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251535/; classtype:trojan-activity;sid:84114635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251026)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/bjcaj8aorkdqbsqqyrda.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251026/; classtype:trojan-activity;sid:84114126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251028)"; flow:established,from_client; content:"GET"; http_method; content:"/1210/v"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251028/; classtype:trojan-activity;sid:84114128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251034)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/file"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251034/; classtype:trojan-activity;sid:84114134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251035)"; flow:established,from_client; content:"GET"; http_method; content:"/1210/b9uoaokmpdan1gmmrxuo.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251035/; classtype:trojan-activity;sid:84114135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250773)"; flow:established,from_client; content:"GET"; http_method; content:"/off/def.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250773/; classtype:trojan-activity;sid:84113873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250050)"; flow:established,from_client; content:"GET"; http_method; content:"/chrome_93.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sirault.be"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250050/; classtype:trojan-activity;sid:84113150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249858)"; flow:established,from_client; content:"GET"; http_method; content:"/1210/theh4uq3nf0rszgpsynf.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249858/; classtype:trojan-activity;sid:84112958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249739)"; flow:established,from_client; content:"GET"; http_method; content:"/img_up/shop_pds/nicehana/client.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"www.xn--on3b15m2lco2u.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249739/; classtype:trojan-activity;sid:84112839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249735)"; flow:established,from_client; content:"GET"; http_method; content:"/client.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.193.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249735/; classtype:trojan-activity;sid:84112835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249679)"; flow:established,from_client; content:"GET"; http_method; content:"/blazedbottle/rat/main/client-built.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249679/; classtype:trojan-activity;sid:84112779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249675)"; flow:established,from_client; content:"GET"; http_method; content:"/quasar/quasar/releases/download/v1.4.1/quasar.v1.4.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249675/; classtype:trojan-activity;sid:84112775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249673)"; flow:established,from_client; content:"GET"; http_method; content:"/blazedbottle/rat/raw/main/client-built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249673/; classtype:trojan-activity;sid:84112773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249674)"; flow:established,from_client; content:"GET"; http_method; content:"/samllea1/gorebox-modmenu/raw/refs/heads/main/gorebox%20modmenu%201.2.0.exe"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249674/; classtype:trojan-activity;sid:84112774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249671)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/osiris/raw/refs/heads/main/2klz.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249671/; classtype:trojan-activity;sid:84112771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249667)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/client-built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249667/; classtype:trojan-activity;sid:84112767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249662)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/refs/heads/master/rat/njrat.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249662/; classtype:trojan-activity;sid:84112762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249388)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/asrt/s1.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249388/; classtype:trojan-activity;sid:84112488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.150.45.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247566/; classtype:trojan-activity;sid:84110666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246790)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.45.19.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3246790/; classtype:trojan-activity;sid:84109890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246076)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"134.122.176.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246076/; classtype:trojan-activity;sid:84109176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246057)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.158.37.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246057/; classtype:trojan-activity;sid:84109157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246018)"; flow:established,from_client; content:"GET"; http_method; content:"/mestalic/site/refs/heads/main/file.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246018/; classtype:trojan-activity;sid:84109118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245772)"; flow:established,from_client; content:"GET"; http_method; content:"/sample.hta"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"210.56.13.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245772/; classtype:trojan-activity;sid:84108872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245755)"; flow:established,from_client; content:"GET"; http_method; content:"/kuwaitsetuphockey.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245755/; classtype:trojan-activity;sid:84108855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245756)"; flow:established,from_client; content:"GET"; http_method; content:"/officialsevaluationold.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245756/; classtype:trojan-activity;sid:84108856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245737)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.252.159.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245737/; classtype:trojan-activity;sid:84108837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245733)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.152.219.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245733/; classtype:trojan-activity;sid:84108833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245553)"; flow:established,from_client; content:"GET"; http_method; content:"/fotonview.apk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245553/; classtype:trojan-activity;sid:84108653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245551)"; flow:established,from_client; content:"GET"; http_method; content:"/cameracomponent.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245551/; classtype:trojan-activity;sid:84108651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245550)"; flow:established,from_client; content:"GET"; http_method; content:"/evaluation.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245550/; classtype:trojan-activity;sid:84108650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245480)"; flow:established,from_client; content:"GET"; http_method; content:"/luma/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245480/; classtype:trojan-activity;sid:84108580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245479)"; flow:established,from_client; content:"GET"; http_method; content:"/off/random.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245479/; classtype:trojan-activity;sid:84108579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245463)"; flow:established,from_client; content:"GET"; http_method; content:"/hs.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245463/; classtype:trojan-activity;sid:84108563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245459)"; flow:established,from_client; content:"GET"; http_method; content:"/kg.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245459/; classtype:trojan-activity;sid:84108559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245458)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245458/; classtype:trojan-activity;sid:84108558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.45.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245074/; classtype:trojan-activity;sid:84108174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243505)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/creal.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243505/; classtype:trojan-activity;sid:84106605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243502)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/setup.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243502/; classtype:trojan-activity;sid:84106602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243499)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svchost.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243499/; classtype:trojan-activity;sid:84106599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243500)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/test.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243500/; classtype:trojan-activity;sid:84106600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243497)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/qqq.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243497/; classtype:trojan-activity;sid:84106597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243489)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/soft.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243489/; classtype:trojan-activity;sid:84106589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243486)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/main.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243486/; classtype:trojan-activity;sid:84106586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243482)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/splwow64.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243482/; classtype:trojan-activity;sid:84106582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243479)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kill.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243479/; classtype:trojan-activity;sid:84106579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243478)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dcratbuild.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243478/; classtype:trojan-activity;sid:84106578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243470)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winrar-x64-701.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243470/; classtype:trojan-activity;sid:84106570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243469)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/soft2.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243469/; classtype:trojan-activity;sid:84106569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243464)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/edge.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243464/; classtype:trojan-activity;sid:84106564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243465)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/univ.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243465/; classtype:trojan-activity;sid:84106565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243459)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cvv.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243459/; classtype:trojan-activity;sid:84106559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243455)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/frap.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243455/; classtype:trojan-activity;sid:84106555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243456)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ovrflw.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243456/; classtype:trojan-activity;sid:84106556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243452)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummnew.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243452/; classtype:trojan-activity;sid:84106552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243445)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xt.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243445/; classtype:trojan-activity;sid:84106545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243448)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xxl.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243448/; classtype:trojan-activity;sid:84106548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243442)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/launcher.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243442/; classtype:trojan-activity;sid:84106542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243443)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cc2.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243443/; classtype:trojan-activity;sid:84106543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243432)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/hashed.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243432/; classtype:trojan-activity;sid:84106532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243431)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/probnik.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243431/; classtype:trojan-activity;sid:84106531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243412)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winx86.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243412/; classtype:trojan-activity;sid:84106512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243407)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ewrvuh.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243407/; classtype:trojan-activity;sid:84106507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243406)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/major.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243406/; classtype:trojan-activity;sid:84106506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243400)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xxz.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243400/; classtype:trojan-activity;sid:84106500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243393)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/out.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243393/; classtype:trojan-activity;sid:84106493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243388)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cccc2.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243388/; classtype:trojan-activity;sid:84106488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243387)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/divinedialogue.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243387/; classtype:trojan-activity;sid:84106487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243383)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cvimelugfq.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243383/; classtype:trojan-activity;sid:84106483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243379)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/file.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243379/; classtype:trojan-activity;sid:84106479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243375)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/12.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243375/; classtype:trojan-activity;sid:84106475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243369)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zzz.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243369/; classtype:trojan-activity;sid:84106469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243364)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/diff.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243364/; classtype:trojan-activity;sid:84106464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243358)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dos.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243358/; classtype:trojan-activity;sid:84106458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243351)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/newfile.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243351/; classtype:trojan-activity;sid:84106451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243354)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/noll.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243354/; classtype:trojan-activity;sid:84106454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243347)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/shopfree.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243347/; classtype:trojan-activity;sid:84106447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243337)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/newbundle.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243337/; classtype:trojan-activity;sid:84106437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243335)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vidar.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243335/; classtype:trojan-activity;sid:84106435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243328)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mk.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243328/; classtype:trojan-activity;sid:84106428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243325)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/neonn.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243325/; classtype:trojan-activity;sid:84106425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243322)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/legas.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243322/; classtype:trojan-activity;sid:84106422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243317)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/prem1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243317/; classtype:trojan-activity;sid:84106417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243313)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/controlledaccesspoint.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243313/; classtype:trojan-activity;sid:84106413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243310)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/processclass.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243310/; classtype:trojan-activity;sid:84106410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243307)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/completestudio.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243307/; classtype:trojan-activity;sid:84106407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243309)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vidsusername.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243309/; classtype:trojan-activity;sid:84106409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243306)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/neon.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243306/; classtype:trojan-activity;sid:84106406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243302)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/loader_5879465914.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243302/; classtype:trojan-activity;sid:84106402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243298)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/onlysteal.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243298/; classtype:trojan-activity;sid:84106398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243290)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/softina.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243290/; classtype:trojan-activity;sid:84106390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243289)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ubi-inst.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243289/; classtype:trojan-activity;sid:84106389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243283)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/singerjudy.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243283/; classtype:trojan-activity;sid:84106383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243284)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xm.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243284/; classtype:trojan-activity;sid:84106384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243285)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/def.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243285/; classtype:trojan-activity;sid:84106385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243278)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ai2.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243278/; classtype:trojan-activity;sid:84106378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243274)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/exclude.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243274/; classtype:trojan-activity;sid:84106374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243276)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kiyan.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243276/; classtype:trojan-activity;sid:84106376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243273)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/windowsexecutable.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243273/; classtype:trojan-activity;sid:84106373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243272)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/torque.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243272/; classtype:trojan-activity;sid:84106372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243271)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/taskhost.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243271/; classtype:trojan-activity;sid:84106371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243138)"; flow:established,from_client; content:"GET"; http_method; content:"/down/jgevbkn6di30"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"222.187.223.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243138/; classtype:trojan-activity;sid:84106238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243135)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/filekey.mentah"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243135/; classtype:trojan-activity;sid:84106235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243134)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/file3.mentah"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243134/; classtype:trojan-activity;sid:84106234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243133)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/injek3.mentah"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243133/; classtype:trojan-activity;sid:84106233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243121)"; flow:established,from_client; content:"GET"; http_method; content:"/js/s.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"112.217.207.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243121/; classtype:trojan-activity;sid:84106221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243086)"; flow:established,from_client; content:"GET"; http_method; content:"/update/data/update.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"114.55.106.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243086/; classtype:trojan-activity;sid:84106186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243081)"; flow:established,from_client; content:"GET"; http_method; content:"/download/update.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"110.40.51.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243081/; classtype:trojan-activity;sid:84106181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243082)"; flow:established,from_client; content:"GET"; http_method; content:"/sysupdate/ckbgd/2.3.0624.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"8.131.63.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243082/; classtype:trojan-activity;sid:84106182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243079)"; flow:established,from_client; content:"GET"; http_method; content:"/output/client/update.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243079/; classtype:trojan-activity;sid:84106179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243077)"; flow:established,from_client; content:"GET"; http_method; content:"/sysupdate/ckbgd/2.3.0703.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"8.131.63.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243077/; classtype:trojan-activity;sid:84106177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243075)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/temp/_rels/key.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"pb.agnt.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243075/; classtype:trojan-activity;sid:84106175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242983)"; flow:established,from_client; content:"GET"; http_method; content:"/flowseal/zapret-discord-youtube/releases/download/1.1.1/zapret-discord-youtube-1.1.1.rar"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242983/; classtype:trojan-activity;sid:84106083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.151.133.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242916/; classtype:trojan-activity;sid:84106016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.151.133.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242903/; classtype:trojan-activity;sid:84106003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242853)"; flow:established,from_client; content:"GET"; http_method; content:"/get/rtsyboyqu8/aa.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242853/; classtype:trojan-activity;sid:84105953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242854)"; flow:established,from_client; content:"GET"; http_method; content:"/get/tvisnldnvi/ardara.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242854/; classtype:trojan-activity;sid:84105954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242852)"; flow:established,from_client; content:"GET"; http_method; content:"/get/xtfglcmk2k/windowshost.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242852/; classtype:trojan-activity;sid:84105952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242851)"; flow:established,from_client; content:"GET"; http_method; content:"/get/mzocixkcrs/ee.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242851/; classtype:trojan-activity;sid:84105951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242850)"; flow:established,from_client; content:"GET"; http_method; content:"/get/840cpxujvq/w.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242850/; classtype:trojan-activity;sid:84105950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242663)"; flow:established,from_client; content:"GET"; http_method; content:"/hmatrix/data/hack0832.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cd.textfiles.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242663/; classtype:trojan-activity;sid:84105763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242649)"; flow:established,from_client; content:"GET"; http_method; content:"/js/file.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"osecweb.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242649/; classtype:trojan-activity;sid:84105749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242642)"; flow:established,from_client; content:"GET"; http_method; content:"/rishabhkumardeveloper/malware_analysis_using_ml/main/wildfire-test-pe-file.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242642/; classtype:trojan-activity;sid:84105742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242595)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/octus.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242595/; classtype:trojan-activity;sid:84105695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242379)"; flow:established,from_client; content:"GET"; http_method; content:"/s/g7qeilrosjgjeoz/download"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"i0001.clarodrive.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242379/; classtype:trojan-activity;sid:84105479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241764)"; flow:established,from_client; content:"GET"; http_method; content:"/mori-miyako/discord-token-generator/zip/refs/heads/main"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241764/; classtype:trojan-activity;sid:84104864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241765)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/main/tweaks.7z"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241765/; classtype:trojan-activity;sid:84104865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241756)"; flow:established,from_client; content:"GET"; http_method; content:"/intergate0/none/main/main.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241756/; classtype:trojan-activity;sid:84104856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241754)"; flow:established,from_client; content:"GET"; http_method; content:"/wbrswbrn/awew45/refs/heads/main/nurik.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241754/; classtype:trojan-activity;sid:84104854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241752)"; flow:established,from_client; content:"GET"; http_method; content:"/kntjspr/licensebytes/refs/heads/main/licensemalwarebytes.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241752/; classtype:trojan-activity;sid:84104852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241750)"; flow:established,from_client; content:"GET"; http_method; content:"/dns/pwer"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"main.dsn.ovh"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241750/; classtype:trojan-activity;sid:84104850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241646)"; flow:established,from_client; content:"GET"; http_method; content:"/mhemon404/project01/main/system404.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241646/; classtype:trojan-activity;sid:84104746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241643)"; flow:established,from_client; content:"GET"; http_method; content:"/aavaahanan121/tools/main/fern_wifi_recon%252.34.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241643/; classtype:trojan-activity;sid:84104743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241644)"; flow:established,from_client; content:"GET"; http_method; content:"/baksvoronov/testingflrplgpreg/refs/heads/main/connector1.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241644/; classtype:trojan-activity;sid:84104744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241645)"; flow:established,from_client; content:"GET"; http_method; content:"/ozcanpng/backd00r/main/backd00rhome.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241645/; classtype:trojan-activity;sid:84104745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241637)"; flow:established,from_client; content:"GET"; http_method; content:"/s107000665/c1/master/1223.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241637/; classtype:trojan-activity;sid:84104737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241638)"; flow:established,from_client; content:"GET"; http_method; content:"/iciamyplant/ctf/master/plantrojan.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241638/; classtype:trojan-activity;sid:84104738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241639)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/main/shellcode.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241639/; classtype:trojan-activity;sid:84104739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241640)"; flow:established,from_client; content:"GET"; http_method; content:"/killbillpribil/world-of-tanks/master/world%20of%20tanks.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241640/; classtype:trojan-activity;sid:84104740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241641)"; flow:established,from_client; content:"GET"; http_method; content:"/mach1el/htb-scripts/master/exploit-fuse/shell.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241641/; classtype:trojan-activity;sid:84104741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241642)"; flow:established,from_client; content:"GET"; http_method; content:"/khr0x40sh/whitelistevasion/master/installutil/script.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241642/; classtype:trojan-activity;sid:84104742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241636)"; flow:established,from_client; content:"GET"; http_method; content:"/award.pdf.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"alien-training.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241636/; classtype:trojan-activity;sid:84104736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241635)"; flow:established,from_client; content:"GET"; http_method; content:"/msf.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"qiniuyunxz.yxflzs.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241635/; classtype:trojan-activity;sid:84104735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241563)"; flow:established,from_client; content:"GET"; http_method; content:"/view.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sister-1324943887.cos.ap-guangzhou.myqcloud.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241563/; classtype:trojan-activity;sid:84104663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241559)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/resources/donut.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241559/; classtype:trojan-activity;sid:84104659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241505)"; flow:established,from_client; content:"GET"; http_method; content:"/ffmpeg.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.255.2.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241505/; classtype:trojan-activity;sid:84104605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241404)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.39.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241404/; classtype:trojan-activity;sid:84104504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241382)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.39.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241382/; classtype:trojan-activity;sid:84104482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241367)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.133.156.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241367/; classtype:trojan-activity;sid:84104467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241357)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.158.37.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241357/; classtype:trojan-activity;sid:84104457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241358)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.25.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241358/; classtype:trojan-activity;sid:84104458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241331)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.200.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241331/; classtype:trojan-activity;sid:84104431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241291)"; flow:established,from_client; content:"GET"; http_method; content:"/key.pem"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241291/; classtype:trojan-activity;sid:84104391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241127)"; flow:established,from_client; content:"GET"; http_method; content:"/justincoding3/slumfun/main/obfuscated.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241127/; classtype:trojan-activity;sid:84104227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241126)"; flow:established,from_client; content:"GET"; http_method; content:"/r00t-3xp10it/redpill/main/utils/compiled.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241126/; classtype:trojan-activity;sid:84104226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241125)"; flow:established,from_client; content:"GET"; http_method; content:"/secwiki/windows-kernel-exploits/master/ms14-068/ms14-068.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241125/; classtype:trojan-activity;sid:84104225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241123)"; flow:established,from_client; content:"GET"; http_method; content:"/prowindows365/hailhydra/refs/heads/main/hailhydra.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241123/; classtype:trojan-activity;sid:84104223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241079)"; flow:established,from_client; content:"GET"; http_method; content:"/mailclone2500/stealer/refs/heads/main/bot2.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241079/; classtype:trojan-activity;sid:84104179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241054)"; flow:established,from_client; content:"GET"; http_method; content:"/43a1723/test/releases/download/siu/stub.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241054/; classtype:trojan-activity;sid:84104154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241055)"; flow:established,from_client; content:"GET"; http_method; content:"/neo23x0/signature-base/archive/master.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241055/; classtype:trojan-activity;sid:84104155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241019)"; flow:established,from_client; content:"GET"; http_method; content:"/gosha1239/onetap/master/onetap.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241019/; classtype:trojan-activity;sid:84104119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241020)"; flow:established,from_client; content:"GET"; http_method; content:"/an0mat/azorult/refs/heads/master/builder.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241020/; classtype:trojan-activity;sid:84104120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241005)"; flow:established,from_client; content:"GET"; http_method; content:"/ricepudding0xl/discordnitrogenerator/main/discordnitrogenerator.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241005/; classtype:trojan-activity;sid:84104105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241004)"; flow:established,from_client; content:"GET"; http_method; content:"/ryan2159/stuff/main/discord.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241004/; classtype:trojan-activity;sid:84104104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240999)"; flow:established,from_client; content:"GET"; http_method; content:"/sad-dust/death/main/stealinfo.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240999/; classtype:trojan-activity;sid:84104099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240998)"; flow:established,from_client; content:"GET"; http_method; content:"/deepdevil51/discordspotifybypass/main/discordspotifybypass.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240998/; classtype:trojan-activity;sid:84104098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240994)"; flow:established,from_client; content:"GET"; http_method; content:"/deepdevil51/discordspotifybypass/raw/main/discordspotifybypass.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240994/; classtype:trojan-activity;sid:84104094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240819)"; flow:established,from_client; content:"GET"; http_method; content:"/redcanaryco/atomic-red-team/master/atomics/t1204.002/bin/test10.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240819/; classtype:trojan-activity;sid:84103919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240817)"; flow:established,from_client; content:"GET"; http_method; content:"/cuckoobox/cuckoo/archive/master.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240817/; classtype:trojan-activity;sid:84103917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240813)"; flow:established,from_client; content:"GET"; http_method; content:"/haxork8880/files/main/windowssync.txt.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240813/; classtype:trojan-activity;sid:84103913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240814)"; flow:established,from_client; content:"GET"; http_method; content:"/crjtpp/tpplab_public/main/poc-sample-lnk.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240814/; classtype:trojan-activity;sid:84103914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240812)"; flow:established,from_client; content:"GET"; http_method; content:"/hackerx237/miner/main/my-files.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240812/; classtype:trojan-activity;sid:84103912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240811)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/releases/download/beta_v0.6/all.tweaker.beta.v0.6.7z"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240811/; classtype:trojan-activity;sid:84103911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240810)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/raw/main/tweaks.7z"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240810/; classtype:trojan-activity;sid:84103910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240729)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xss-1253555722.cos.ap-singapore.myqcloud.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240729/; classtype:trojan-activity;sid:84103829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240720)"; flow:established,from_client; content:"GET"; http_method; content:"/dqwr1q23rwdfr/xxx/releases/download/xxx/vital.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240720/; classtype:trojan-activity;sid:84103820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240639)"; flow:established,from_client; content:"GET"; http_method; content:"/mohdjulaya09/code-sparrow-crypter-2.0-private-crack-leak/releases/download/%23crypter/codesparrow.crypter.2.0.crack.rar"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240639/; classtype:trojan-activity;sid:84103739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239707)"; flow:established,from_client; content:"GET"; http_method; content:"/demon.x64.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"8.138.96.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239707/; classtype:trojan-activity;sid:84102807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239678)"; flow:established,from_client; content:"GET"; http_method; content:"/enc.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.253.43.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239678/; classtype:trojan-activity;sid:84102778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239669)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_3.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239669/; classtype:trojan-activity;sid:84102769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239666)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_4.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239666/; classtype:trojan-activity;sid:84102766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239667)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_2.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239667/; classtype:trojan-activity;sid:84102767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239668)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_1.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239668/; classtype:trojan-activity;sid:84102768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239574)"; flow:established,from_client; content:"GET"; http_method; content:"/js/paste.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"112.217.207.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239574/; classtype:trojan-activity;sid:84102674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239323)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/multi"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239323/; classtype:trojan-activity;sid:84102423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239106)"; flow:established,from_client; content:"GET"; http_method; content:"/malicious.jar"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"122.51.52.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239106/; classtype:trojan-activity;sid:84102206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238658)"; flow:established,from_client; content:"GET"; http_method; content:"/eaklauncher/eaklauncher.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"147.50.240.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238658/; classtype:trojan-activity;sid:84101758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238593)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrp.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238593/; classtype:trojan-activity;sid:84101693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.45.19.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238563/; classtype:trojan-activity;sid:84101663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.45.19.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238543/; classtype:trojan-activity;sid:84101643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238540)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/onedrive.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238540/; classtype:trojan-activity;sid:84101640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238242)"; flow:established,from_client; content:"GET"; http_method; content:"/baksvoronov/testingflrplgpreg/zip/refs/heads/main"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238242/; classtype:trojan-activity;sid:84101342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238163)"; flow:established,from_client; content:"GET"; http_method; content:"/xxx.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"156.245.12.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238163/; classtype:trojan-activity;sid:84101263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238164)"; flow:established,from_client; content:"GET"; http_method; content:"/xxx.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"156.245.12.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238164/; classtype:trojan-activity;sid:84101264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238160)"; flow:established,from_client; content:"GET"; http_method; content:"/npc.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"39.105.31.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238160/; classtype:trojan-activity;sid:84101260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238159)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/tb/ewm.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"taodianla.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238159/; classtype:trojan-activity;sid:84101259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238155)"; flow:established,from_client; content:"GET"; http_method; content:"/cdb.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238155/; classtype:trojan-activity;sid:84101255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238123)"; flow:established,from_client; content:"GET"; http_method; content:"/peszok/xworm-remote-access-tool/releases/download/v5.0/xworm.rar"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238123/; classtype:trojan-activity;sid:84101223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238111)"; flow:established,from_client; content:"GET"; http_method; content:"/resources/js/info2r.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"188.81.134.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238111/; classtype:trojan-activity;sid:84101211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238086)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/f3pe.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238086/; classtype:trojan-activity;sid:84101186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238082)"; flow:established,from_client; content:"GET"; http_method; content:"/nakuss/erth/main/wenzcord.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238082/; classtype:trojan-activity;sid:84101182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238083)"; flow:established,from_client; content:"GET"; http_method; content:"/azurerex/napewnonievoiderhook/main/seksiak.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238083/; classtype:trojan-activity;sid:84101183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238084)"; flow:established,from_client; content:"GET"; http_method; content:"/python312/rusty-dropper/main/client-built.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238084/; classtype:trojan-activity;sid:84101184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238073)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/main/fast%20download.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238073/; classtype:trojan-activity;sid:84101173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238074)"; flow:established,from_client; content:"GET"; http_method; content:"/imaeewy/test-rat-do-not-download-exe/refs/heads/main/discord.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238074/; classtype:trojan-activity;sid:84101174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238076)"; flow:established,from_client; content:"GET"; http_method; content:"/therealastro666/lolz/main/built.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238076/; classtype:trojan-activity;sid:84101176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238078)"; flow:established,from_client; content:"GET"; http_method; content:"/raz233/rgdgdrg/main/client.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238078/; classtype:trojan-activity;sid:84101178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238079)"; flow:established,from_client; content:"GET"; http_method; content:"/aspdasdksa2/callback/main/client-built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238079/; classtype:trojan-activity;sid:84101179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238081)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/main/x.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238081/; classtype:trojan-activity;sid:84101181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238066)"; flow:established,from_client; content:"GET"; http_method; content:"/paketpk/trojan/main/njsilent.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238066/; classtype:trojan-activity;sid:84101166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238067)"; flow:established,from_client; content:"GET"; http_method; content:"/eliasgay23/123/main/svhost.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238067/; classtype:trojan-activity;sid:84101167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238068)"; flow:established,from_client; content:"GET"; http_method; content:"/bublegumle/r32r32/master/server.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238068/; classtype:trojan-activity;sid:84101168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238069)"; flow:established,from_client; content:"GET"; http_method; content:"/monkey958/sdasd/main/856.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238069/; classtype:trojan-activity;sid:84101169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238070)"; flow:established,from_client; content:"GET"; http_method; content:"/proltop1/popka/master/svchost.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238070/; classtype:trojan-activity;sid:84101170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238064)"; flow:established,from_client; content:"GET"; http_method; content:"/fortnitebott/spfnll/main/spofrln.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238064/; classtype:trojan-activity;sid:84101164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238061)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/main/444.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238061/; classtype:trojan-activity;sid:84101161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238062)"; flow:established,from_client; content:"GET"; http_method; content:"/kees5462/this-is-a-roblox-external-cheat-best-one-out-there/refs/heads/main/java32.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238062/; classtype:trojan-activity;sid:84101162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238063)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/main/discord.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238063/; classtype:trojan-activity;sid:84101163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238059)"; flow:established,from_client; content:"GET"; http_method; content:"/xcocgt/priv1/main/testme.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238059/; classtype:trojan-activity;sid:84101159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238058)"; flow:established,from_client; content:"GET"; http_method; content:"/sesafvr/ayo/refs/heads/main/client-built.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238058/; classtype:trojan-activity;sid:84101158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238056)"; flow:established,from_client; content:"GET"; http_method; content:"/impar0/tryyy/main/client.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238056/; classtype:trojan-activity;sid:84101156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238057)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/main/bloxflip%20predictor.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238057/; classtype:trojan-activity;sid:84101157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238055)"; flow:established,from_client; content:"GET"; http_method; content:"/visoxc/misterbombastic/main/don/driverhost.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238055/; classtype:trojan-activity;sid:84101155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238052)"; flow:established,from_client; content:"GET"; http_method; content:"/cryptskiddy/remoteadmintool/master/trojan.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238052/; classtype:trojan-activity;sid:84101152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238054)"; flow:established,from_client; content:"GET"; http_method; content:"/pyxe1/sheesh/9e641bf9dd97a738f11f4b212603758cd9861f27/plswork.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238054/; classtype:trojan-activity;sid:84101154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238050)"; flow:established,from_client; content:"GET"; http_method; content:"/re9neyt/goodfrag-mh-counter-strike-global-offensive-/master/goodfrag.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238050/; classtype:trojan-activity;sid:84101150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238047)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/main/sentil.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238047/; classtype:trojan-activity;sid:84101147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238048)"; flow:established,from_client; content:"GET"; http_method; content:"/bublegumle/hyh/master/server.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238048/; classtype:trojan-activity;sid:84101148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238045)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/refs/heads/main/njrat.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238045/; classtype:trojan-activity;sid:84101145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238046)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/osiris/refs/heads/main/2klz.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238046/; classtype:trojan-activity;sid:84101146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238041)"; flow:established,from_client; content:"GET"; http_method; content:"/tezx11/imgui/main/runtimebroker.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238041/; classtype:trojan-activity;sid:84101141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238035)"; flow:established,from_client; content:"GET"; http_method; content:"/stukit/svhoste/main/svhoste.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238035/; classtype:trojan-activity;sid:84101135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238037)"; flow:established,from_client; content:"GET"; http_method; content:"/fhebngndsg/thefunny/main/client-built.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238037/; classtype:trojan-activity;sid:84101137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238031)"; flow:established,from_client; content:"GET"; http_method; content:"/cupofteaa08/autominepermission/main/runtime%20broker.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238031/; classtype:trojan-activity;sid:84101131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238033)"; flow:established,from_client; content:"GET"; http_method; content:"/tiraundercode/rev/main/client-built.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238033/; classtype:trojan-activity;sid:84101133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238027)"; flow:established,from_client; content:"GET"; http_method; content:"/lexazar63/minecraft-client/master/steamdetector.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238027/; classtype:trojan-activity;sid:84101127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238028)"; flow:established,from_client; content:"GET"; http_method; content:"/toxicxz/fnaf-1/main/fusca%20game.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238028/; classtype:trojan-activity;sid:84101128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238023)"; flow:established,from_client; content:"GET"; http_method; content:"/vdlosunbik/steam.upgreyd/master/steam.upgreyd.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238023/; classtype:trojan-activity;sid:84101123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238024)"; flow:established,from_client; content:"GET"; http_method; content:"/bormasina/test/main/defender64.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238024/; classtype:trojan-activity;sid:84101124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238025)"; flow:established,from_client; content:"GET"; http_method; content:"/tpinauskas/anticheat/main/amogus.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238025/; classtype:trojan-activity;sid:84101125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238021)"; flow:established,from_client; content:"GET"; http_method; content:"/anonam0369/1/main/discord.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238021/; classtype:trojan-activity;sid:84101121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238022)"; flow:established,from_client; content:"GET"; http_method; content:"/krevedko3221/porno/main/mos%20ssssttttt.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238022/; classtype:trojan-activity;sid:84101122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238018)"; flow:established,from_client; content:"GET"; http_method; content:"/gleb221/paki/master/%d0%9f%d0%b0%d0%ba%d0%b8.rar"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238018/; classtype:trojan-activity;sid:84101118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238019)"; flow:established,from_client; content:"GET"; http_method; content:"/xerussploit/spectrum/main/spectrum.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238019/; classtype:trojan-activity;sid:84101119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238015)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/discord/refs/heads/main/discord.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238015/; classtype:trojan-activity;sid:84101115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238016)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/main/lastest.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238016/; classtype:trojan-activity;sid:84101116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238014)"; flow:established,from_client; content:"GET"; http_method; content:"/pyxe1/sheesh/04f111bc997c01dc4aa6ab035dcb5ff877fc5bbf/client-built.exe"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238014/; classtype:trojan-activity;sid:84101114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238013)"; flow:established,from_client; content:"GET"; http_method; content:"/vampirvikariy/clientn2/master/intro.avi.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238013/; classtype:trojan-activity;sid:84101113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238012)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/main/njrat.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238012/; classtype:trojan-activity;sid:84101112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238008)"; flow:established,from_client; content:"GET"; http_method; content:"/xerussploit/neverlose-loader/refs/heads/main/neverlose%20loader.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238008/; classtype:trojan-activity;sid:84101108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238009)"; flow:established,from_client; content:"GET"; http_method; content:"/supfrezze/jtebez/master/dayum.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238009/; classtype:trojan-activity;sid:84101109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238010)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/main/server1.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238010/; classtype:trojan-activity;sid:84101110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238006)"; flow:established,from_client; content:"GET"; http_method; content:"/nxrecxxil/syndicate/main/main.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238006/; classtype:trojan-activity;sid:84101106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237999)"; flow:established,from_client; content:"GET"; http_method; content:"/biseo0/neue/raw/main/client-built.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237999/; classtype:trojan-activity;sid:84101099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237993)"; flow:established,from_client; content:"GET"; http_method; content:"/aspdasdksa2/callback/raw/main/client-built.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237993/; classtype:trojan-activity;sid:84101093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237975)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/blob/master/rat/njrat.exe|3f|raw=true"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237975/; classtype:trojan-activity;sid:84101075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237976)"; flow:established,from_client; content:"GET"; http_method; content:"/5556.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.212.158.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237976/; classtype:trojan-activity;sid:84101076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237956)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/umbral-stealer/zip/refs/heads/main"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237956/; classtype:trojan-activity;sid:84101056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237955)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/blank-grabber/zip/refs/heads/main"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237955/; classtype:trojan-activity;sid:84101055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237954)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/blankobf/zip/refs/heads/v2"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237954/; classtype:trojan-activity;sid:84101054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237916)"; flow:established,from_client; content:"GET"; http_method; content:"/descargas/ammyy.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"soportegira.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237916/; classtype:trojan-activity;sid:84101016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237889)"; flow:established,from_client; content:"GET"; http_method; content:"/activia/aa_v3.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sfa.com.ar"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237889/; classtype:trojan-activity;sid:84100989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237876)"; flow:established,from_client; content:"GET"; http_method; content:"/aa_v3.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.175.186.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237876/; classtype:trojan-activity;sid:84100976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237861)"; flow:established,from_client; content:"GET"; http_method; content:"/joh81/exploi01/zip/refs/heads/main"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237861/; classtype:trojan-activity;sid:84100961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237856)"; flow:established,from_client; content:"GET"; http_method; content:"/mariolalo/myrec/main/notallowedtocrypt.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237856/; classtype:trojan-activity;sid:84100956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237855)"; flow:established,from_client; content:"GET"; http_method; content:"/yusuf216/sshport/main/evetbeta.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237855/; classtype:trojan-activity;sid:84100955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237850)"; flow:established,from_client; content:"GET"; http_method; content:"/files/hunt.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"microsoft-analyse.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237850/; classtype:trojan-activity;sid:84100950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237851)"; flow:established,from_client; content:"GET"; http_method; content:"/files/sexyrem"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"microsoft-analyse.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237851/; classtype:trojan-activity;sid:84100951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237849)"; flow:established,from_client; content:"GET"; http_method; content:"/files/host.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"microsoft-analyse.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237849/; classtype:trojan-activity;sid:84100949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237823)"; flow:established,from_client; content:"GET"; http_method; content:"/cfedss/exe/main/solara_protect.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237823/; classtype:trojan-activity;sid:84100923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237810)"; flow:established,from_client; content:"GET"; http_method; content:"/steve824/a/zip/refs/heads/main"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237810/; classtype:trojan-activity;sid:84100910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237807)"; flow:established,from_client; content:"GET"; http_method; content:"/orospuccocugu/aaaaaa/main/anne.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237807/; classtype:trojan-activity;sid:84100907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237806)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/main/discord2.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237806/; classtype:trojan-activity;sid:84100906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237794)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/main/discord.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237794/; classtype:trojan-activity;sid:84100894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237796)"; flow:established,from_client; content:"GET"; http_method; content:"/jzmvip/jzmfreetool/main/asyncclient.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237796/; classtype:trojan-activity;sid:84100896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237797)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/main/discord3.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237797/; classtype:trojan-activity;sid:84100897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237798)"; flow:established,from_client; content:"GET"; http_method; content:"/jackedmicheal/ccenty/main/crspoofer.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237798/; classtype:trojan-activity;sid:84100898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237799)"; flow:established,from_client; content:"GET"; http_method; content:"/ducminh23/ddosv1/main/ddosziller.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237799/; classtype:trojan-activity;sid:84100899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237800)"; flow:established,from_client; content:"GET"; http_method; content:"/h4ck3dv0d4/terminal-test/main/terminal_9235.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237800/; classtype:trojan-activity;sid:84100900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237801)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/main/asyncclient.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237801/; classtype:trojan-activity;sid:84100901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237803)"; flow:established,from_client; content:"GET"; http_method; content:"/krishnatherock9673/krishna22/main/krishna33.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237803/; classtype:trojan-activity;sid:84100903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237792)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/raw/main/asyncclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237792/; classtype:trojan-activity;sid:84100892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237737)"; flow:established,from_client; content:"GET"; http_method; content:"/thebb5th/123/zip/refs/heads/main"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237737/; classtype:trojan-activity;sid:84100837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237464)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_3ozdjl5puad8qn3tipydynn5j7l13el"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237464/; classtype:trojan-activity;sid:84100564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237443)"; flow:established,from_client; content:"GET"; http_method; content:"/new.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"210.56.13.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237443/; classtype:trojan-activity;sid:84100543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236640)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"60.166.36.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236640/; classtype:trojan-activity;sid:84099740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236597)"; flow:established,from_client; content:"GET"; http_method; content:"/center.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.193.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236597/; classtype:trojan-activity;sid:84099697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236587)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"153.37.77.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236587/; classtype:trojan-activity;sid:84099687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236559)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.136.142.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236559/; classtype:trojan-activity;sid:84099659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236485)"; flow:established,from_client; content:"GET"; http_method; content:"/never.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"210.56.13.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236485/; classtype:trojan-activity;sid:84099585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236453)"; flow:established,from_client; content:"GET"; http_method; content:"/s3cur3th1ssh1t/creds/master/powershellscripts/invoke-petitpotam.ps1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236453/; classtype:trojan-activity;sid:84099553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236449)"; flow:established,from_client; content:"GET"; http_method; content:"/mvt/xmrig.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"main.dsn.ovh"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236449/; classtype:trojan-activity;sid:84099549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236324)"; flow:established,from_client; content:"GET"; http_method; content:"/file/xwgl/xw_xxgl.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236324/; classtype:trojan-activity;sid:84099424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236323)"; flow:established,from_client; content:"GET"; http_method; content:"/file/yhy_setup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236323/; classtype:trojan-activity;sid:84099423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236317)"; flow:established,from_client; content:"GET"; http_method; content:"/dam/software/keygen.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"desquer.ens.uabc.mx"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236317/; classtype:trojan-activity;sid:84099417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236316)"; flow:established,from_client; content:"GET"; http_method; content:"/cs-daili.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dow.andylab.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236316/; classtype:trojan-activity;sid:84099416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236314)"; flow:established,from_client; content:"GET"; http_method; content:"/ipscan.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"file.edunet.ac"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236314/; classtype:trojan-activity;sid:84099414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236313)"; flow:established,from_client; content:"GET"; http_method; content:"/mirdll2.rar"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"dow.andylab.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236313/; classtype:trojan-activity;sid:84099413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236311)"; flow:established,from_client; content:"GET"; http_method; content:"/datdll.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dow.andylab.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236311/; classtype:trojan-activity;sid:84099411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236272)"; flow:established,from_client; content:"GET"; http_method; content:"/1skilllauncher/1skilllauncher.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"147.50.240.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236272/; classtype:trojan-activity;sid:84099372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236240)"; flow:established,from_client; content:"GET"; http_method; content:"/services/identification/server/gtptoolsdownloadhandler.ashx|3f|filename=gtp_6_browserplugin_setup.exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"hnjgdl.geps.glodon.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236240/; classtype:trojan-activity;sid:84099340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236238)"; flow:established,from_client; content:"GET"; http_method; content:"/xbyxsv3.94.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.beiletoys.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236238/; classtype:trojan-activity;sid:84099338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236237)"; flow:established,from_client; content:"GET"; http_method; content:"/natgo.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dl.natgo.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236237/; classtype:trojan-activity;sid:84099337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236236)"; flow:established,from_client; content:"GET"; http_method; content:"/download/etermproxy.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pid.fly160.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236236/; classtype:trojan-activity;sid:84099336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236225)"; flow:established,from_client; content:"GET"; http_method; content:"/update/client/update.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"217.15.164.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236225/; classtype:trojan-activity;sid:84099325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236224)"; flow:established,from_client; content:"GET"; http_method; content:"/pdd_biaoge/soft/down.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"49.234.48.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236224/; classtype:trojan-activity;sid:84099324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236215)"; flow:established,from_client; content:"GET"; http_method; content:"/update/client/cabal.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"217.15.164.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236215/; classtype:trojan-activity;sid:84099315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236154)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17267811/stm.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236154/; classtype:trojan-activity;sid:84099254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235523)"; flow:established,from_client; content:"GET"; http_method; content:"/chainguard-dev/bincapz/archive/refs/tags/v0.5.0.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235523/; classtype:trojan-activity;sid:84098623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235524)"; flow:established,from_client; content:"GET"; http_method; content:"/randomvapeuser/vape-4.11/releases/download/crack/vape.v4.11.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235524/; classtype:trojan-activity;sid:84098624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235522)"; flow:established,from_client; content:"GET"; http_method; content:"/playmcbkuwu/vape/releases/download/stable/vape.v4.10.from.duckysolucky.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235522/; classtype:trojan-activity;sid:84098622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235514)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/raw/master/rage.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235514/; classtype:trojan-activity;sid:84098614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235513)"; flow:established,from_client; content:"GET"; http_method; content:"/meckazin/chromekatz/releases/download/0.4.7/chromekatzbofs.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235513/; classtype:trojan-activity;sid:84098613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235094)"; flow:established,from_client; content:"GET"; http_method; content:"/xsh/update.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.126.11.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235094/; classtype:trojan-activity;sid:84098194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235088)"; flow:established,from_client; content:"GET"; http_method; content:"/spoofer.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.141.26.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235088/; classtype:trojan-activity;sid:84098188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235077)"; flow:established,from_client; content:"GET"; http_method; content:"/libcurl.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"coach.028csc.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235077/; classtype:trojan-activity;sid:84098177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235061)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/worker.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235061/; classtype:trojan-activity;sid:84098161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234872)"; flow:established,from_client; content:"GET"; http_method; content:"/babskai/vir-s/main/asyncclient.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234872/; classtype:trojan-activity;sid:84097972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234859)"; flow:established,from_client; content:"GET"; http_method; content:"/petikvx/lockbit-black-builder/main/lockbit30/builder.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234859/; classtype:trojan-activity;sid:84097959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234858)"; flow:established,from_client; content:"GET"; http_method; content:"/tennessene/lockbit/refs/heads/main/builder.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234858/; classtype:trojan-activity;sid:84097958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234803)"; flow:established,from_client; content:"GET"; http_method; content:"/crazycoach.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"coach.028csc.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234803/; classtype:trojan-activity;sid:84097903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234465)"; flow:established,from_client; content:"GET"; http_method; content:"/right_distribution.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"117.72.70.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234465/; classtype:trojan-activity;sid:84097565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234464)"; flow:established,from_client; content:"GET"; http_method; content:"/distribution.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"117.72.70.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234464/; classtype:trojan-activity;sid:84097564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234462)"; flow:established,from_client; content:"GET"; http_method; content:"/xl_ext_chrome.crx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"117.72.70.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234462/; classtype:trojan-activity;sid:84097562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234460)"; flow:established,from_client; content:"GET"; http_method; content:"/test.pdf.lnk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"117.72.70.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234460/; classtype:trojan-activity;sid:84097560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234459)"; flow:established,from_client; content:"GET"; http_method; content:"/distribution.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"117.72.70.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234459/; classtype:trojan-activity;sid:84097559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234458)"; flow:established,from_client; content:"GET"; http_method; content:"/protect_distribution.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"117.72.70.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234458/; classtype:trojan-activity;sid:84097558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3233069)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"192.162.49.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3233069/; classtype:trojan-activity;sid:84096169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232529)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/utility-inst.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232529/; classtype:trojan-activity;sid:84095629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232530)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/splwow64_1.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232530/; classtype:trojan-activity;sid:84095630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232419)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.250.188.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232419/; classtype:trojan-activity;sid:84095519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232401)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.196.237.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232401/; classtype:trojan-activity;sid:84095501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232402)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.32.202.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232402/; classtype:trojan-activity;sid:84095502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232090)"; flow:established,from_client; content:"GET"; http_method; content:"/session-https.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3232090/; classtype:trojan-activity;sid:84095190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232089)"; flow:established,from_client; content:"GET"; http_method; content:"/session-http2.hta"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3232089/; classtype:trojan-activity;sid:84095189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231796)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/16737801/wave.zip|3f|"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231796/; classtype:trojan-activity;sid:84094896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231794)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/16419615/solara.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231794/; classtype:trojan-activity;sid:84094894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231554)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.248.204.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231554/; classtype:trojan-activity;sid:84094654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231110)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrp.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231110/; classtype:trojan-activity;sid:84094210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230704)"; flow:established,from_client; content:"GET"; http_method; content:"/drhbntdenedrhn/2.jpg"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"odoo.kseibitools.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230704/; classtype:trojan-activity;sid:84093804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230703)"; flow:established,from_client; content:"GET"; http_method; content:"/drhbntdenedrhn/rainbow.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"odoo.kseibitools.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230703/; classtype:trojan-activity;sid:84093803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230243)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.3.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230243/; classtype:trojan-activity;sid:84093343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229631)"; flow:established,from_client; content:"GET"; http_method; content:"/kamilniftaliev/cryptoview/zip/refs/heads/main"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229631/; classtype:trojan-activity;sid:84092731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228667)"; flow:established,from_client; content:"GET"; http_method; content:"/winassist/login/login.7z"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"win.down.55kantu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228667/; classtype:trojan-activity;sid:84091767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228412)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.0.199.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228412/; classtype:trojan-activity;sid:84091512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226957)"; flow:established,from_client; content:"GET"; http_method; content:"/devmgmt.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.241.17.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226957/; classtype:trojan-activity;sid:84090057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226761)"; flow:established,from_client; content:"GET"; http_method; content:"/second.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"43.241.17.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226761/; classtype:trojan-activity;sid:84089861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226551)"; flow:established,from_client; content:"GET"; http_method; content:"/unmysqld.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"47.238.84.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226551/; classtype:trojan-activity;sid:84089651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226552)"; flow:established,from_client; content:"GET"; http_method; content:"/mariadb.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"47.238.84.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226552/; classtype:trojan-activity;sid:84089652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226239)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.22.0/xmrig-6.22.0-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226239/; classtype:trojan-activity;sid:84089339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225936)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.252.86.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225936/; classtype:trojan-activity;sid:84089036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225932)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.70.238.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225932/; classtype:trojan-activity;sid:84089032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.239.254.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225931/; classtype:trojan-activity;sid:84089031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225928)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.56.172.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225928/; classtype:trojan-activity;sid:84089028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.188.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225922/; classtype:trojan-activity;sid:84089022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3224313)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/unit.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_08; reference:url, urlhaus.abuse.ch/url/3224313/; classtype:trojan-activity;sid:84087413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3224192)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bildnewl.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3224192/; classtype:trojan-activity;sid:84087292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223989)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/loadnew.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223989/; classtype:trojan-activity;sid:84087089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223808)"; flow:established,from_client; content:"GET"; http_method; content:"/session.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223808/; classtype:trojan-activity;sid:84086908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223739)"; flow:established,from_client; content:"GET"; http_method; content:"/meeting-https.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223739/; classtype:trojan-activity;sid:84086839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223708)"; flow:established,from_client; content:"GET"; http_method; content:"/extension-http.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223708/; classtype:trojan-activity;sid:84086808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223686)"; flow:established,from_client; content:"GET"; http_method; content:"/journal-https.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223686/; classtype:trojan-activity;sid:84086786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223573)"; flow:established,from_client; content:"GET"; http_method; content:"/broadcomretest.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223573/; classtype:trojan-activity;sid:84086673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223472)"; flow:established,from_client; content:"GET"; http_method; content:"/prototype-https.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223472/; classtype:trojan-activity;sid:84086572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223377)"; flow:established,from_client; content:"GET"; http_method; content:"/intercepter-ng.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223377/; classtype:trojan-activity;sid:84086477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223354)"; flow:established,from_client; content:"GET"; http_method; content:"/transfer.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223354/; classtype:trojan-activity;sid:84086454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223285)"; flow:established,from_client; content:"GET"; http_method; content:"/journal-http.hta"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223285/; classtype:trojan-activity;sid:84086385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223220)"; flow:established,from_client; content:"GET"; http_method; content:"/excel-https.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223220/; classtype:trojan-activity;sid:84086320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223169)"; flow:established,from_client; content:"GET"; http_method; content:"/excel-http.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223169/; classtype:trojan-activity;sid:84086269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223170)"; flow:established,from_client; content:"GET"; http_method; content:"/prototype-tcp.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223170/; classtype:trojan-activity;sid:84086270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223171)"; flow:established,from_client; content:"GET"; http_method; content:"/extension-tcp.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223171/; classtype:trojan-activity;sid:84086271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218068)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64/rld"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"90.45.68.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218068/; classtype:trojan-activity;sid:84081168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218067)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64/rls"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"90.45.68.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218067/; classtype:trojan-activity;sid:84081167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218064)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64/kthreadrm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"90.45.68.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218064/; classtype:trojan-activity;sid:84081164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218065)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l/kthreadrm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"90.45.68.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218065/; classtype:trojan-activity;sid:84081165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218036)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.45.68.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218036/; classtype:trojan-activity;sid:84081136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218037)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"90.45.68.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218037/; classtype:trojan-activity;sid:84081137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218034)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.45.68.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218034/; classtype:trojan-activity;sid:84081134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218035)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.45.68.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218035/; classtype:trojan-activity;sid:84081135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218033)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.207.216.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218033/; classtype:trojan-activity;sid:84081133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218030)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.106.101.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218030/; classtype:trojan-activity;sid:84081130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218031)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.139.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218031/; classtype:trojan-activity;sid:84081131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218022)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.3.211.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218022/; classtype:trojan-activity;sid:84081122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218023)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.56.191.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218023/; classtype:trojan-activity;sid:84081123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218026)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.113.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218026/; classtype:trojan-activity;sid:84081126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218027)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.139.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218027/; classtype:trojan-activity;sid:84081127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218028)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.2.45.132"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218028/; classtype:trojan-activity;sid:84081128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218004)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.145.144.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218004/; classtype:trojan-activity;sid:84081104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218009)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.207.217.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218009/; classtype:trojan-activity;sid:84081109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218014)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.76.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218014/; classtype:trojan-activity;sid:84081114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218001)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218001/; classtype:trojan-activity;sid:84081101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217811)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.239.74.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217811/; classtype:trojan-activity;sid:84080911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217785)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217785/; classtype:trojan-activity;sid:84080885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217786)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217786/; classtype:trojan-activity;sid:84080886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217787)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217787/; classtype:trojan-activity;sid:84080887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217789)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.122.182.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217789/; classtype:trojan-activity;sid:84080889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217802)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.130.160.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217802/; classtype:trojan-activity;sid:84080902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217784)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.233.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217784/; classtype:trojan-activity;sid:84080884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217780)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.203.169.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217780/; classtype:trojan-activity;sid:84080880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217763)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.87.117.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217763/; classtype:trojan-activity;sid:84080863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217768)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"194.144.250.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217768/; classtype:trojan-activity;sid:84080868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217775)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217775/; classtype:trojan-activity;sid:84080875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217776)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217776/; classtype:trojan-activity;sid:84080876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217777)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.179.254.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217777/; classtype:trojan-activity;sid:84080877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217753)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.233.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217753/; classtype:trojan-activity;sid:84080853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217754)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217754/; classtype:trojan-activity;sid:84080854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217757)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.106.155.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217757/; classtype:trojan-activity;sid:84080857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217759)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217759/; classtype:trojan-activity;sid:84080859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217760)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217760/; classtype:trojan-activity;sid:84080860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217749)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217749/; classtype:trojan-activity;sid:84080849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217750)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.28.228.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217750/; classtype:trojan-activity;sid:84080850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217745)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217745/; classtype:trojan-activity;sid:84080845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217746)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.198.247.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217746/; classtype:trojan-activity;sid:84080846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217733)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.171.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217733/; classtype:trojan-activity;sid:84080833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217734)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217734/; classtype:trojan-activity;sid:84080834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217736)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.136.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217736/; classtype:trojan-activity;sid:84080836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217738)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217738/; classtype:trojan-activity;sid:84080838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217740)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.203.169.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217740/; classtype:trojan-activity;sid:84080840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217713)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217713/; classtype:trojan-activity;sid:84080813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217716)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217716/; classtype:trojan-activity;sid:84080816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217717)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217717/; classtype:trojan-activity;sid:84080817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217719)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.233.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217719/; classtype:trojan-activity;sid:84080819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217729)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217729/; classtype:trojan-activity;sid:84080829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217710)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.233.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217710/; classtype:trojan-activity;sid:84080810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217711)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217711/; classtype:trojan-activity;sid:84080811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217701)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.88.92.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217701/; classtype:trojan-activity;sid:84080801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217702)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.19.79.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217702/; classtype:trojan-activity;sid:84080802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217699)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.200.178.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217699/; classtype:trojan-activity;sid:84080799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217700)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.200.178.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217700/; classtype:trojan-activity;sid:84080800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217697)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.183.103.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217697/; classtype:trojan-activity;sid:84080797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217698)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.200.177.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217698/; classtype:trojan-activity;sid:84080798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217691)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.200.177.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217691/; classtype:trojan-activity;sid:84080791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217692)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.183.103.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217692/; classtype:trojan-activity;sid:84080792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217694)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.200.177.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217694/; classtype:trojan-activity;sid:84080794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217689)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217689/; classtype:trojan-activity;sid:84080789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217684)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.43.16.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217684/; classtype:trojan-activity;sid:84080784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217681)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.45.183.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217681/; classtype:trojan-activity;sid:84080781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217682)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.45.183.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217682/; classtype:trojan-activity;sid:84080782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217665)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217665/; classtype:trojan-activity;sid:84080765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217666)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.76.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217666/; classtype:trojan-activity;sid:84080766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217667)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.76.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217667/; classtype:trojan-activity;sid:84080767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217669)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.12.184.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217669/; classtype:trojan-activity;sid:84080769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217672)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"206.204.128.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217672/; classtype:trojan-activity;sid:84080772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217674)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217674/; classtype:trojan-activity;sid:84080774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217676)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.24.237.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217676/; classtype:trojan-activity;sid:84080776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217661)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.26.194.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217661/; classtype:trojan-activity;sid:84080761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217638)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.161.6.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217638/; classtype:trojan-activity;sid:84080738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217640)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.224.190.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217640/; classtype:trojan-activity;sid:84080740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217623)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.165.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217623/; classtype:trojan-activity;sid:84080723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217624)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.165.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217624/; classtype:trojan-activity;sid:84080724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217625)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217625/; classtype:trojan-activity;sid:84080725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217627)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.171.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217627/; classtype:trojan-activity;sid:84080727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217628)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.40.25.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217628/; classtype:trojan-activity;sid:84080728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217621)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217621/; classtype:trojan-activity;sid:84080721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217618)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217618/; classtype:trojan-activity;sid:84080718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217562)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.212.35.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217562/; classtype:trojan-activity;sid:84080662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217470)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%bf%ae%e6%94%b9%e6%97%b6%e9%97%b4%e6%a0%bc%e5%bc%8f.bat"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"47.94.196.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217470/; classtype:trojan-activity;sid:84080570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217454)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.118.215.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217454/; classtype:trojan-activity;sid:84080554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217426)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.212.35.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217426/; classtype:trojan-activity;sid:84080526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217367)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.165.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217367/; classtype:trojan-activity;sid:84080467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.240.37.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217142/; classtype:trojan-activity;sid:84080242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.200.72.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217140/; classtype:trojan-activity;sid:84080240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217123)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.4.51.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217123/; classtype:trojan-activity;sid:84080223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217125)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.193.88.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217125/; classtype:trojan-activity;sid:84080225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.147.119.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217126/; classtype:trojan-activity;sid:84080226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.241.19.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217127/; classtype:trojan-activity;sid:84080227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.110.206.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217129/; classtype:trojan-activity;sid:84080229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.81.127.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217130/; classtype:trojan-activity;sid:84080230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.20.51.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217132/; classtype:trojan-activity;sid:84080232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.43.228.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217134/; classtype:trojan-activity;sid:84080234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.15.239.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217135/; classtype:trojan-activity;sid:84080235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217136/; classtype:trojan-activity;sid:84080236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.90.206.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217112/; classtype:trojan-activity;sid:84080212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.45.130.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217113/; classtype:trojan-activity;sid:84080213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217115)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.89.11.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217115/; classtype:trojan-activity;sid:84080215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.185.119.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217092/; classtype:trojan-activity;sid:84080192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.209.184.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217096/; classtype:trojan-activity;sid:84080196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.133.95.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217097/; classtype:trojan-activity;sid:84080197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.238.209.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217098/; classtype:trojan-activity;sid:84080198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.188.216.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217101/; classtype:trojan-activity;sid:84080201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.88.109.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217102/; classtype:trojan-activity;sid:84080202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.140.105.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217104/; classtype:trojan-activity;sid:84080204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.189.254.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217106/; classtype:trojan-activity;sid:84080206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.249.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217109/; classtype:trojan-activity;sid:84080209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.116.68.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217110/; classtype:trojan-activity;sid:84080210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.166.197.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217111/; classtype:trojan-activity;sid:84080211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.103.100.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217081/; classtype:trojan-activity;sid:84080181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.101.239.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217082/; classtype:trojan-activity;sid:84080182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217084)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.209.255.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217084/; classtype:trojan-activity;sid:84080184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217086/; classtype:trojan-activity;sid:84080186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.252.8.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217087/; classtype:trojan-activity;sid:84080187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.145.205.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217088/; classtype:trojan-activity;sid:84080188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217089)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.139.153.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217089/; classtype:trojan-activity;sid:84080189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217091/; classtype:trojan-activity;sid:84080191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217067)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.19.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217067/; classtype:trojan-activity;sid:84080167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217068)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.86.123.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217068/; classtype:trojan-activity;sid:84080168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217069/; classtype:trojan-activity;sid:84080169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.106.221.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217070/; classtype:trojan-activity;sid:84080170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.233.59.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217071/; classtype:trojan-activity;sid:84080171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.135.142.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217072/; classtype:trojan-activity;sid:84080172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217073/; classtype:trojan-activity;sid:84080173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.22.237.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217074/; classtype:trojan-activity;sid:84080174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217045)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.237.157.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217045/; classtype:trojan-activity;sid:84080145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.249.52.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217048/; classtype:trojan-activity;sid:84080148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.203.89.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217049/; classtype:trojan-activity;sid:84080149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.119.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217051/; classtype:trojan-activity;sid:84080151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.187.7.29"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217052/; classtype:trojan-activity;sid:84080152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.202.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217053/; classtype:trojan-activity;sid:84080153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.57.121.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217054/; classtype:trojan-activity;sid:84080154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217055)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.4.110.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217055/; classtype:trojan-activity;sid:84080155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217056)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.101.81.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217056/; classtype:trojan-activity;sid:84080156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217057)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.187.36.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217057/; classtype:trojan-activity;sid:84080157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.106.58.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217058/; classtype:trojan-activity;sid:84080158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217059/; classtype:trojan-activity;sid:84080159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.71.250.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217061/; classtype:trojan-activity;sid:84080161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217062/; classtype:trojan-activity;sid:84080162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217063/; classtype:trojan-activity;sid:84080163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.219.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217066/; classtype:trojan-activity;sid:84080166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.73.121.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217040/; classtype:trojan-activity;sid:84080140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"159.224.143.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217042/; classtype:trojan-activity;sid:84080142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.192.78.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217043/; classtype:trojan-activity;sid:84080143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.41.63.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217044/; classtype:trojan-activity;sid:84080144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217037/; classtype:trojan-activity;sid:84080137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.25.214.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217035/; classtype:trojan-activity;sid:84080135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.172.187.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217028/; classtype:trojan-activity;sid:84080128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217029/; classtype:trojan-activity;sid:84080129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.230.158.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217032/; classtype:trojan-activity;sid:84080132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.155.176.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217006/; classtype:trojan-activity;sid:84080106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.30.245.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217008/; classtype:trojan-activity;sid:84080108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217009/; classtype:trojan-activity;sid:84080109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.94.245.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217012/; classtype:trojan-activity;sid:84080112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217015)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.209.184.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217015/; classtype:trojan-activity;sid:84080115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217016)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.56.172.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217016/; classtype:trojan-activity;sid:84080116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.123.142.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217021/; classtype:trojan-activity;sid:84080121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217023/; classtype:trojan-activity;sid:84080123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.183.186.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217024/; classtype:trojan-activity;sid:84080124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.190.70.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217025/; classtype:trojan-activity;sid:84080125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217001/; classtype:trojan-activity;sid:84080101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217002)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.58.21.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217002/; classtype:trojan-activity;sid:84080102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.5.50.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217003/; classtype:trojan-activity;sid:84080103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217004/; classtype:trojan-activity;sid:84080104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.93.219.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217000/; classtype:trojan-activity;sid:84080100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216967/; classtype:trojan-activity;sid:84080067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.145.123.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216969/; classtype:trojan-activity;sid:84080069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.0.4.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216970/; classtype:trojan-activity;sid:84080070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216971/; classtype:trojan-activity;sid:84080071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.94.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216973/; classtype:trojan-activity;sid:84080073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.250.160.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216974/; classtype:trojan-activity;sid:84080074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.153.80.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216975/; classtype:trojan-activity;sid:84080075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.255.217.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216977/; classtype:trojan-activity;sid:84080077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.155.92.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216978/; classtype:trojan-activity;sid:84080078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.34.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216979/; classtype:trojan-activity;sid:84080079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.245.112.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216980/; classtype:trojan-activity;sid:84080080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.123.53.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216981/; classtype:trojan-activity;sid:84080081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.57.33.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216983/; classtype:trojan-activity;sid:84080083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216986/; classtype:trojan-activity;sid:84080086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.119.151.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216987/; classtype:trojan-activity;sid:84080087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.160.128.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216989/; classtype:trojan-activity;sid:84080089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.210.27.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216960/; classtype:trojan-activity;sid:84080060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.118.112.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216961/; classtype:trojan-activity;sid:84080061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.90.207.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216962/; classtype:trojan-activity;sid:84080062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216965)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.235.33.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216965/; classtype:trojan-activity;sid:84080065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"208.68.68.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216959/; classtype:trojan-activity;sid:84080059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216956/; classtype:trojan-activity;sid:84080056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216957)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.29.137.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216957/; classtype:trojan-activity;sid:84080057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.4.124.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216950/; classtype:trojan-activity;sid:84080050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.107.78.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216952/; classtype:trojan-activity;sid:84080052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.248.145.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216923/; classtype:trojan-activity;sid:84080023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.143.133.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216924/; classtype:trojan-activity;sid:84080024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.140.100.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216927/; classtype:trojan-activity;sid:84080027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.118.121.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216933/; classtype:trojan-activity;sid:84080033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216934/; classtype:trojan-activity;sid:84080034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.90.207.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216935/; classtype:trojan-activity;sid:84080035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.148.20.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216936/; classtype:trojan-activity;sid:84080036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216937)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.211.252.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216937/; classtype:trojan-activity;sid:84080037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216938)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.128.231.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216938/; classtype:trojan-activity;sid:84080038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216939)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.57.135.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216939/; classtype:trojan-activity;sid:84080039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.156.224.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216941/; classtype:trojan-activity;sid:84080041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.7.160.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216943/; classtype:trojan-activity;sid:84080043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216945/; classtype:trojan-activity;sid:84080045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.2.23.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216946/; classtype:trojan-activity;sid:84080046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.153.20.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216947/; classtype:trojan-activity;sid:84080047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"206.214.35.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216917/; classtype:trojan-activity;sid:84080017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.80.242.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216918/; classtype:trojan-activity;sid:84080018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.98.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216919/; classtype:trojan-activity;sid:84080019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.107.239.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216920/; classtype:trojan-activity;sid:84080020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.140.99.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216921/; classtype:trojan-activity;sid:84080021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216912)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.143.173.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216912/; classtype:trojan-activity;sid:84080012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216913)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.253.126.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216913/; classtype:trojan-activity;sid:84080013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216889/; classtype:trojan-activity;sid:84079989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216890)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.196.120.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216890/; classtype:trojan-activity;sid:84079990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.131.244.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216894/; classtype:trojan-activity;sid:84079994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.218.42.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216897/; classtype:trojan-activity;sid:84079997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.94.219.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216900/; classtype:trojan-activity;sid:84080000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.236.247.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216906/; classtype:trojan-activity;sid:84080006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216907)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.201.160.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216907/; classtype:trojan-activity;sid:84080007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.23.192.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216909/; classtype:trojan-activity;sid:84080009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216911/; classtype:trojan-activity;sid:84080011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.117.197.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216881/; classtype:trojan-activity;sid:84079981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216883/; classtype:trojan-activity;sid:84079983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216886)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.224.162.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216886/; classtype:trojan-activity;sid:84079986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216888)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.236.126.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216888/; classtype:trojan-activity;sid:84079988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.193.21.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216876/; classtype:trojan-activity;sid:84079976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.159.8.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216872/; classtype:trojan-activity;sid:84079972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.204.177.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216850/; classtype:trojan-activity;sid:84079950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.131.234.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216854/; classtype:trojan-activity;sid:84079954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.41.225.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216855/; classtype:trojan-activity;sid:84079955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.184.179.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216856/; classtype:trojan-activity;sid:84079956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.59.103.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216859/; classtype:trojan-activity;sid:84079959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216860/; classtype:trojan-activity;sid:84079960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.15.85.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216862/; classtype:trojan-activity;sid:84079962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.200.63.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216863/; classtype:trojan-activity;sid:84079963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.72.199.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216865/; classtype:trojan-activity;sid:84079965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216867)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.52.86.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216867/; classtype:trojan-activity;sid:84079967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216868)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.59.90.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216868/; classtype:trojan-activity;sid:84079968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.165.79.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216841/; classtype:trojan-activity;sid:84079941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216843/; classtype:trojan-activity;sid:84079943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.151.34.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216845/; classtype:trojan-activity;sid:84079945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.217.215.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216846/; classtype:trojan-activity;sid:84079946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.196.120.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216837/; classtype:trojan-activity;sid:84079937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.254.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216830/; classtype:trojan-activity;sid:84079930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.112.93.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216831/; classtype:trojan-activity;sid:84079931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.74.246.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216832/; classtype:trojan-activity;sid:84079932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.52.48.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216805/; classtype:trojan-activity;sid:84079905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.16.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216808/; classtype:trojan-activity;sid:84079908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.147.225.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216809/; classtype:trojan-activity;sid:84079909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.120.98.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216810/; classtype:trojan-activity;sid:84079910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"134.249.141.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216811/; classtype:trojan-activity;sid:84079911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.74.207.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216812/; classtype:trojan-activity;sid:84079912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216813/; classtype:trojan-activity;sid:84079913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.222.45.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216817/; classtype:trojan-activity;sid:84079917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.118.104.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216818/; classtype:trojan-activity;sid:84079918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.140.100.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216819/; classtype:trojan-activity;sid:84079919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.143.114.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216820/; classtype:trojan-activity;sid:84079920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216822)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.186.82.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216822/; classtype:trojan-activity;sid:84079922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.179.203.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216823/; classtype:trojan-activity;sid:84079923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216825)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.4.69.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216825/; classtype:trojan-activity;sid:84079925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216826)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.93.53.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216826/; classtype:trojan-activity;sid:84079926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216827)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.166.89.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216827/; classtype:trojan-activity;sid:84079927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.115.103.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216828/; classtype:trojan-activity;sid:84079928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216803/; classtype:trojan-activity;sid:84079903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.19.172.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216804/; classtype:trojan-activity;sid:84079904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.103.171.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216800/; classtype:trojan-activity;sid:84079900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.154.93.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216794/; classtype:trojan-activity;sid:84079894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.194.25.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216795/; classtype:trojan-activity;sid:84079895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.192.22.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216796/; classtype:trojan-activity;sid:84079896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216776)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.97.185.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216776/; classtype:trojan-activity;sid:84079876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.247.206.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216779/; classtype:trojan-activity;sid:84079879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.96.214.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216780/; classtype:trojan-activity;sid:84079880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216784)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.97.137.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216784/; classtype:trojan-activity;sid:84079884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216785)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.69.88.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216785/; classtype:trojan-activity;sid:84079885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.70.204.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216767/; classtype:trojan-activity;sid:84079867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.119.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216769/; classtype:trojan-activity;sid:84079869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.97.185.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216770/; classtype:trojan-activity;sid:84079870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216772/; classtype:trojan-activity;sid:84079872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.18.128.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216774/; classtype:trojan-activity;sid:84079874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.70.238.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216775/; classtype:trojan-activity;sid:84079875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.7.209.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216761/; classtype:trojan-activity;sid:84079861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216763/; classtype:trojan-activity;sid:84079863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.203.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216751/; classtype:trojan-activity;sid:84079851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.230.153.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216747/; classtype:trojan-activity;sid:84079847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216750/; classtype:trojan-activity;sid:84079850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.155.64.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216730/; classtype:trojan-activity;sid:84079830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.224.243.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216731/; classtype:trojan-activity;sid:84079831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216732)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.124.33.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216732/; classtype:trojan-activity;sid:84079832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.0.129.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216735/; classtype:trojan-activity;sid:84079835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216737)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.147.127.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216737/; classtype:trojan-activity;sid:84079837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216739/; classtype:trojan-activity;sid:84079839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216740)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.77.74.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216740/; classtype:trojan-activity;sid:84079840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.197.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216742/; classtype:trojan-activity;sid:84079842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.217.148.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216743/; classtype:trojan-activity;sid:84079843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.29.19.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216744/; classtype:trojan-activity;sid:84079844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.57.69.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216722/; classtype:trojan-activity;sid:84079822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.190.76.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216723/; classtype:trojan-activity;sid:84079823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.34.7.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216724/; classtype:trojan-activity;sid:84079824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.4.70.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216727/; classtype:trojan-activity;sid:84079827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.214.56.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216720/; classtype:trojan-activity;sid:84079820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.193.120.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216715/; classtype:trojan-activity;sid:84079815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.138.68.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216713/; classtype:trojan-activity;sid:84079813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.211.135.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216710/; classtype:trojan-activity;sid:84079810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.135.26.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216704/; classtype:trojan-activity;sid:84079804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.0.136.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216707/; classtype:trojan-activity;sid:84079807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.92.207.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216709/; classtype:trojan-activity;sid:84079809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.142.114.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216678/; classtype:trojan-activity;sid:84079778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.42.121.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216680/; classtype:trojan-activity;sid:84079780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.151.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216682/; classtype:trojan-activity;sid:84079782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.97.185.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216683/; classtype:trojan-activity;sid:84079783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.147.120.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216684/; classtype:trojan-activity;sid:84079784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216685/; classtype:trojan-activity;sid:84079785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.119.193.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216686/; classtype:trojan-activity;sid:84079786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.188.215.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216687/; classtype:trojan-activity;sid:84079787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.218.189.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216688/; classtype:trojan-activity;sid:84079788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.85.176.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216690/; classtype:trojan-activity;sid:84079790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216692)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"130.185.229.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216692/; classtype:trojan-activity;sid:84079792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.151.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216694/; classtype:trojan-activity;sid:84079794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216696/; classtype:trojan-activity;sid:84079796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.128.81.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216698/; classtype:trojan-activity;sid:84079798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.211.250.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216699/; classtype:trojan-activity;sid:84079799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216700/; classtype:trojan-activity;sid:84079800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.169.146.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216702/; classtype:trojan-activity;sid:84079802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.36.25.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216675/; classtype:trojan-activity;sid:84079775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216672)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.214.56.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216672/; classtype:trojan-activity;sid:84079772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216674)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.141.182.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216674/; classtype:trojan-activity;sid:84079774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.232.94.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216671/; classtype:trojan-activity;sid:84079771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.28.58.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216670/; classtype:trojan-activity;sid:84079770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.82.211.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216648/; classtype:trojan-activity;sid:84079748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.53.164.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216650/; classtype:trojan-activity;sid:84079750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.137.36.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216651/; classtype:trojan-activity;sid:84079751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216652/; classtype:trojan-activity;sid:84079752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216653/; classtype:trojan-activity;sid:84079753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.150.253.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216656/; classtype:trojan-activity;sid:84079756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.236.46.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216658/; classtype:trojan-activity;sid:84079758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.193.118.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216661/; classtype:trojan-activity;sid:84079761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.100.50.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216663/; classtype:trojan-activity;sid:84079763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216664/; classtype:trojan-activity;sid:84079764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.140.176.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216665/; classtype:trojan-activity;sid:84079765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.223.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216666/; classtype:trojan-activity;sid:84079766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.213.121.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216667/; classtype:trojan-activity;sid:84079767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.5.61.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216641/; classtype:trojan-activity;sid:84079741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.67.115.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216642/; classtype:trojan-activity;sid:84079742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.190.109.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216644/; classtype:trojan-activity;sid:84079744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.253.205.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216646/; classtype:trojan-activity;sid:84079746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.147.93.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216637/; classtype:trojan-activity;sid:84079737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216634)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.204.58.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216634/; classtype:trojan-activity;sid:84079734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"147.91.249.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216636/; classtype:trojan-activity;sid:84079736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.156.46.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216633/; classtype:trojan-activity;sid:84079733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.0.129.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216626/; classtype:trojan-activity;sid:84079726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.160.102.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216627/; classtype:trojan-activity;sid:84079727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.40.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216629/; classtype:trojan-activity;sid:84079729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216630)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.58.83.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216630/; classtype:trojan-activity;sid:84079730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216606)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.208.56.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216606/; classtype:trojan-activity;sid:84079706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216607/; classtype:trojan-activity;sid:84079707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.218.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216608/; classtype:trojan-activity;sid:84079708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"174.7.42.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216609/; classtype:trojan-activity;sid:84079709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216610/; classtype:trojan-activity;sid:84079710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.188.254.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216611/; classtype:trojan-activity;sid:84079711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.200.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216613/; classtype:trojan-activity;sid:84079713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.153.22.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216614/; classtype:trojan-activity;sid:84079714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.10.211.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216615/; classtype:trojan-activity;sid:84079715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.100.49.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216616/; classtype:trojan-activity;sid:84079716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.233.158.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216617/; classtype:trojan-activity;sid:84079717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216619)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.95.14.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216619/; classtype:trojan-activity;sid:84079719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.15.254.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216621/; classtype:trojan-activity;sid:84079721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.105.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216622/; classtype:trojan-activity;sid:84079722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"136.169.119.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216624/; classtype:trojan-activity;sid:84079724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.6.74.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216599/; classtype:trojan-activity;sid:84079699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.233.63.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216600/; classtype:trojan-activity;sid:84079700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.18.223.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216602/; classtype:trojan-activity;sid:84079702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.186.54.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216603/; classtype:trojan-activity;sid:84079703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.7.20.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216604/; classtype:trojan-activity;sid:84079704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.49.0.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216598/; classtype:trojan-activity;sid:84079698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.169.235.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216593/; classtype:trojan-activity;sid:84079693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216594/; classtype:trojan-activity;sid:84079694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.137.36.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216591/; classtype:trojan-activity;sid:84079691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.248.56.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216572/; classtype:trojan-activity;sid:84079672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.189.125.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216574/; classtype:trojan-activity;sid:84079674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.252.86.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216575/; classtype:trojan-activity;sid:84079675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.129.2.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216576/; classtype:trojan-activity;sid:84079676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216577)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.247.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216577/; classtype:trojan-activity;sid:84079677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216578)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.76.195.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216578/; classtype:trojan-activity;sid:84079678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216581/; classtype:trojan-activity;sid:84079681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216582/; classtype:trojan-activity;sid:84079682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.77.228.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216583/; classtype:trojan-activity;sid:84079683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.91.236.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216584/; classtype:trojan-activity;sid:84079684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.163.170.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216586/; classtype:trojan-activity;sid:84079686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.200.203.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216588/; classtype:trojan-activity;sid:84079688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.255.42.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216552/; classtype:trojan-activity;sid:84079652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.180.9.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216553/; classtype:trojan-activity;sid:84079653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.112.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216556/; classtype:trojan-activity;sid:84079656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216557/; classtype:trojan-activity;sid:84079657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.46.170.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216559/; classtype:trojan-activity;sid:84079659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.9.34.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216560/; classtype:trojan-activity;sid:84079660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.148.5.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216561/; classtype:trojan-activity;sid:84079661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.164.252.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216562/; classtype:trojan-activity;sid:84079662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.221.111.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216564/; classtype:trojan-activity;sid:84079664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.30.85.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216565/; classtype:trojan-activity;sid:84079665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.200.63.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216567/; classtype:trojan-activity;sid:84079667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.251.68.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216568/; classtype:trojan-activity;sid:84079668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216569/; classtype:trojan-activity;sid:84079669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.183.98.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216551/; classtype:trojan-activity;sid:84079651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.161.217.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216550/; classtype:trojan-activity;sid:84079650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216537/; classtype:trojan-activity;sid:84079637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216538)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.151.163.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216538/; classtype:trojan-activity;sid:84079638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.74.144.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216542/; classtype:trojan-activity;sid:84079642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216545)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.224.100.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216545/; classtype:trojan-activity;sid:84079645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.36.68.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216511/; classtype:trojan-activity;sid:84079611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.143.124.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216512/; classtype:trojan-activity;sid:84079612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216514)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.213.157.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216514/; classtype:trojan-activity;sid:84079614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216517)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.62.233.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216517/; classtype:trojan-activity;sid:84079617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216518)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.147.132.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216518/; classtype:trojan-activity;sid:84079618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.4.44.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216519/; classtype:trojan-activity;sid:84079619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216520)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.71.46.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216520/; classtype:trojan-activity;sid:84079620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.150.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216527/; classtype:trojan-activity;sid:84079627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216529/; classtype:trojan-activity;sid:84079629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.28.58.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216532/; classtype:trojan-activity;sid:84079632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216534)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.61.103.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216534/; classtype:trojan-activity;sid:84079634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216535)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.63.242.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216535/; classtype:trojan-activity;sid:84079635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.1.157.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216536/; classtype:trojan-activity;sid:84079636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.202.49.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216509/; classtype:trojan-activity;sid:84079609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.225.186.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216510/; classtype:trojan-activity;sid:84079610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.175.223.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216507/; classtype:trojan-activity;sid:84079607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216506)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.140.13.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216506/; classtype:trojan-activity;sid:84079606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.180.35.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216503/; classtype:trojan-activity;sid:84079603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216480)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.80.244.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216480/; classtype:trojan-activity;sid:84079580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216481)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.78.75.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216481/; classtype:trojan-activity;sid:84079581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.22.48.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216484/; classtype:trojan-activity;sid:84079584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216485)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.90.207.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216485/; classtype:trojan-activity;sid:84079585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.181.166.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216488/; classtype:trojan-activity;sid:84079588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.11.216.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216489/; classtype:trojan-activity;sid:84079589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.212.52.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216490/; classtype:trojan-activity;sid:84079590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.26.81.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216491/; classtype:trojan-activity;sid:84079591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216493)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.201.160.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216493/; classtype:trojan-activity;sid:84079593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216496/; classtype:trojan-activity;sid:84079596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"174.78.254.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216497/; classtype:trojan-activity;sid:84079597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.108.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216498/; classtype:trojan-activity;sid:84079598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.252.66.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216499/; classtype:trojan-activity;sid:84079599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.101.191.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216500/; classtype:trojan-activity;sid:84079600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216501/; classtype:trojan-activity;sid:84079601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.227.118.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216502/; classtype:trojan-activity;sid:84079602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.223.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216470/; classtype:trojan-activity;sid:84079570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.186.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216471/; classtype:trojan-activity;sid:84079571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.124.61.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216475/; classtype:trojan-activity;sid:84079575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.133.214.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216478/; classtype:trojan-activity;sid:84079578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216479/; classtype:trojan-activity;sid:84079579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.69.88.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216468/; classtype:trojan-activity;sid:84079568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216464)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.237.250.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216464/; classtype:trojan-activity;sid:84079564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216463)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.231.226.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216463/; classtype:trojan-activity;sid:84079563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216457)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"223.247.198.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216457/; classtype:trojan-activity;sid:84079557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216456)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.43.104.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216456/; classtype:trojan-activity;sid:84079556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216452)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"123.235.29.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216452/; classtype:trojan-activity;sid:84079552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216450)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"180.167.115.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216450/; classtype:trojan-activity;sid:84079550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216448)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.152.32.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216448/; classtype:trojan-activity;sid:84079548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216443)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.249.142.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216443/; classtype:trojan-activity;sid:84079543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216440)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"114.215.27.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216440/; classtype:trojan-activity;sid:84079540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216434)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.115.56.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216434/; classtype:trojan-activity;sid:84079534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216435)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216435/; classtype:trojan-activity;sid:84079535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216430)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.122.191.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216430/; classtype:trojan-activity;sid:84079530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216429)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"123.132.224.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216429/; classtype:trojan-activity;sid:84079529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.211.15.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216425/; classtype:trojan-activity;sid:84079525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216422)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"60.29.43.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216422/; classtype:trojan-activity;sid:84079522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216421)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.92.214.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216421/; classtype:trojan-activity;sid:84079521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216420)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"165.220.157.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216420/; classtype:trojan-activity;sid:84079520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216418)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.249.6.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216418/; classtype:trojan-activity;sid:84079518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.121.161.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216419/; classtype:trojan-activity;sid:84079519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.98.186.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216413/; classtype:trojan-activity;sid:84079513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216411)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"219.73.22.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216411/; classtype:trojan-activity;sid:84079511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216409)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.127.74.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216409/; classtype:trojan-activity;sid:84079509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216406)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.232.126.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216406/; classtype:trojan-activity;sid:84079506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216404)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.158.25.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216404/; classtype:trojan-activity;sid:84079504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216403)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"223.247.198.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216403/; classtype:trojan-activity;sid:84079503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216396)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.43.104.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216396/; classtype:trojan-activity;sid:84079496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216392)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"119.45.127.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216392/; classtype:trojan-activity;sid:84079492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216393)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.219.177.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216393/; classtype:trojan-activity;sid:84079493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216389)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.214.180.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216389/; classtype:trojan-activity;sid:84079489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216384)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.132.12.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216384/; classtype:trojan-activity;sid:84079484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216382)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216382/; classtype:trojan-activity;sid:84079482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216380)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"211.220.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216380/; classtype:trojan-activity;sid:84079480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216377)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.110.15.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216377/; classtype:trojan-activity;sid:84079477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216376)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.169.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216376/; classtype:trojan-activity;sid:84079476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216372)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216372/; classtype:trojan-activity;sid:84079472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216365)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216365/; classtype:trojan-activity;sid:84079465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216353)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.117.136.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216353/; classtype:trojan-activity;sid:84079453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216349)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.225.217.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216349/; classtype:trojan-activity;sid:84079449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216334)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.132.13.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216334/; classtype:trojan-activity;sid:84079434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216329)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"181.36.153.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216329/; classtype:trojan-activity;sid:84079429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216327)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.240.97.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216327/; classtype:trojan-activity;sid:84079427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216326)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.156.110.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216326/; classtype:trojan-activity;sid:84079426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216324)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.109.126.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216324/; classtype:trojan-activity;sid:84079424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216323)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.228.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216323/; classtype:trojan-activity;sid:84079423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.185.30.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216322/; classtype:trojan-activity;sid:84079422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216321)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216321/; classtype:trojan-activity;sid:84079421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216320)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.211.112.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216320/; classtype:trojan-activity;sid:84079420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216319)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.58.56.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216319/; classtype:trojan-activity;sid:84079419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216318)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.219.74.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216318/; classtype:trojan-activity;sid:84079418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216314)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.108.119.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216314/; classtype:trojan-activity;sid:84079414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216312)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.8.215.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216312/; classtype:trojan-activity;sid:84079412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216306)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216306/; classtype:trojan-activity;sid:84079406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216305)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.218.175.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216305/; classtype:trojan-activity;sid:84079405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.17.23.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216304/; classtype:trojan-activity;sid:84079404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216302/; classtype:trojan-activity;sid:84079402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216303)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.195.82.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216303/; classtype:trojan-activity;sid:84079403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216301/; classtype:trojan-activity;sid:84079401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.70.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215858/; classtype:trojan-activity;sid:84078958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.236.126.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215857/; classtype:trojan-activity;sid:84078957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.128.81.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215845/; classtype:trojan-activity;sid:84078945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.4.70.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215846/; classtype:trojan-activity;sid:84078946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.210.27.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215838/; classtype:trojan-activity;sid:84078938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"156.155.176.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215839/; classtype:trojan-activity;sid:84078939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.124.61.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215842/; classtype:trojan-activity;sid:84078942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.252.8.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215843/; classtype:trojan-activity;sid:84078943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.118.112.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215834/; classtype:trojan-activity;sid:84078934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.202.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215835/; classtype:trojan-activity;sid:84078935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.74.207.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215832/; classtype:trojan-activity;sid:84078932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.97.185.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215822/; classtype:trojan-activity;sid:84078922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.217.215.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215823/; classtype:trojan-activity;sid:84078923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.147.225.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215826/; classtype:trojan-activity;sid:84078926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.74.246.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215827/; classtype:trojan-activity;sid:84078927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.239.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215830/; classtype:trojan-activity;sid:84078930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.57.69.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215816/; classtype:trojan-activity;sid:84078916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.36.25.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215817/; classtype:trojan-activity;sid:84078917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.214.56.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215810/; classtype:trojan-activity;sid:84078910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.205.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215811/; classtype:trojan-activity;sid:84078911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.85.176.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215800/; classtype:trojan-activity;sid:84078900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.233.158.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215805/; classtype:trojan-activity;sid:84078905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.252.86.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215806/; classtype:trojan-activity;sid:84078906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.95.14.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215809/; classtype:trojan-activity;sid:84078909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.151.108.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215780/; classtype:trojan-activity;sid:84078880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.56.172.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215781/; classtype:trojan-activity;sid:84078881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.233.63.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215785/; classtype:trojan-activity;sid:84078885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.187.7.29"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215787/; classtype:trojan-activity;sid:84078887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.186.54.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215788/; classtype:trojan-activity;sid:84078888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.11.216.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215791/; classtype:trojan-activity;sid:84078891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.184.179.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215792/; classtype:trojan-activity;sid:84078892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.112.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215793/; classtype:trojan-activity;sid:84078893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.70.238.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215794/; classtype:trojan-activity;sid:84078894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.221.111.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215795/; classtype:trojan-activity;sid:84078895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.147.119.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215796/; classtype:trojan-activity;sid:84078896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.119.193.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215775/; classtype:trojan-activity;sid:84078875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.156.224.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215776/; classtype:trojan-activity;sid:84078876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215772/; classtype:trojan-activity;sid:84078872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.172.187.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215485/; classtype:trojan-activity;sid:84078585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.16.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215484/; classtype:trojan-activity;sid:84078584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.203.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215481/; classtype:trojan-activity;sid:84078581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.26.81.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215483/; classtype:trojan-activity;sid:84078583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.160.102.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215478/; classtype:trojan-activity;sid:84078578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.103.100.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215471/; classtype:trojan-activity;sid:84078571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.153.80.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215472/; classtype:trojan-activity;sid:84078572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.155.92.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215473/; classtype:trojan-activity;sid:84078573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.214.56.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215474/; classtype:trojan-activity;sid:84078574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.135.26.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215476/; classtype:trojan-activity;sid:84078576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"208.68.68.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215467/; classtype:trojan-activity;sid:84078567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.119.151.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215468/; classtype:trojan-activity;sid:84078568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215469/; classtype:trojan-activity;sid:84078569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.97.185.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215462/; classtype:trojan-activity;sid:84078562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.98.186.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215464/; classtype:trojan-activity;sid:84078564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.131.234.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215465/; classtype:trojan-activity;sid:84078565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.253.126.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215450/; classtype:trojan-activity;sid:84078550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.97.185.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215451/; classtype:trojan-activity;sid:84078551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.78.75.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215452/; classtype:trojan-activity;sid:84078552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.107.239.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215453/; classtype:trojan-activity;sid:84078553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.207.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215455/; classtype:trojan-activity;sid:84078555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.195.82.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215456/; classtype:trojan-activity;sid:84078556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.18.128.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215459/; classtype:trojan-activity;sid:84078559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.9.34.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215447/; classtype:trojan-activity;sid:84078547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.223.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215449/; classtype:trojan-activity;sid:84078549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.218.42.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215442/; classtype:trojan-activity;sid:84078542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.91.236.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215434/; classtype:trojan-activity;sid:84078534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.94.219.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215435/; classtype:trojan-activity;sid:84078535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.140.13.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215439/; classtype:trojan-activity;sid:84078539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"184.185.30.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215440/; classtype:trojan-activity;sid:84078540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.211.15.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215424/; classtype:trojan-activity;sid:84078524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.82.211.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215425/; classtype:trojan-activity;sid:84078525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.200.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215426/; classtype:trojan-activity;sid:84078526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.147.127.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215427/; classtype:trojan-activity;sid:84078527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"206.214.35.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215422/; classtype:trojan-activity;sid:84078522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.186.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215420/; classtype:trojan-activity;sid:84078520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.235.33.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215416/; classtype:trojan-activity;sid:84078516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.255.217.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215417/; classtype:trojan-activity;sid:84078517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.218.93.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215408/; classtype:trojan-activity;sid:84078508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.7.209.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215409/; classtype:trojan-activity;sid:84078509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.196.120.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215410/; classtype:trojan-activity;sid:84078510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"130.185.229.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215411/; classtype:trojan-activity;sid:84078511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.97.185.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215414/; classtype:trojan-activity;sid:84078514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.143.114.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215403/; classtype:trojan-activity;sid:84078503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.223.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215404/; classtype:trojan-activity;sid:84078504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.118.121.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215401/; classtype:trojan-activity;sid:84078501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.166.89.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215390/; classtype:trojan-activity;sid:84078490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.203.89.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215392/; classtype:trojan-activity;sid:84078492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"134.249.141.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215393/; classtype:trojan-activity;sid:84078493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.211.250.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215398/; classtype:trojan-activity;sid:84078498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215399/; classtype:trojan-activity;sid:84078499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.251.68.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215384/; classtype:trojan-activity;sid:84078484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.204.58.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215387/; classtype:trojan-activity;sid:84078487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.61.103.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215388/; classtype:trojan-activity;sid:84078488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.46.170.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215382/; classtype:trojan-activity;sid:84078482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.232.94.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215376/; classtype:trojan-activity;sid:84078476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.85.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215377/; classtype:trojan-activity;sid:84078477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.97.137.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215379/; classtype:trojan-activity;sid:84078479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.23.192.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215366/; classtype:trojan-activity;sid:84078466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.213.121.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215368/; classtype:trojan-activity;sid:84078468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.160.128.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215369/; classtype:trojan-activity;sid:84078469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.238.209.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215371/; classtype:trojan-activity;sid:84078471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.218.189.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215358/; classtype:trojan-activity;sid:84078458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.166.197.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215359/; classtype:trojan-activity;sid:84078459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.147.132.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215362/; classtype:trojan-activity;sid:84078462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.254.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215365/; classtype:trojan-activity;sid:84078465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.211.135.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215356/; classtype:trojan-activity;sid:84078456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.224.162.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215357/; classtype:trojan-activity;sid:84078457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215297)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.148.5.183"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215297/; classtype:trojan-activity;sid:84078397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215259)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215259/; classtype:trojan-activity;sid:84078359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215255)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.141.166.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215255/; classtype:trojan-activity;sid:84078355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214611)"; flow:established,from_client; content:"GET"; http_method; content:"/999.html"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.245.12.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214611/; classtype:trojan-activity;sid:84077711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214582)"; flow:established,from_client; content:"GET"; http_method; content:"/999.html"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.245.12.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214582/; classtype:trojan-activity;sid:84077682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214579)"; flow:established,from_client; content:"GET"; http_method; content:"/test/svchost.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"156.245.12.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214579/; classtype:trojan-activity;sid:84077679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214578)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.245.12.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214578/; classtype:trojan-activity;sid:84077678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214166)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.108.134.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214166/; classtype:trojan-activity;sid:84077266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214137)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.252.182.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214137/; classtype:trojan-activity;sid:84077237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214136)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.97.105.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214136/; classtype:trojan-activity;sid:84077236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214106)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.250.188.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214106/; classtype:trojan-activity;sid:84077206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214119)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.244.167.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214119/; classtype:trojan-activity;sid:84077219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214099)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.15.224.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214099/; classtype:trojan-activity;sid:84077199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.247.214.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214078/; classtype:trojan-activity;sid:84077178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3213897)"; flow:established,from_client; content:"GET"; http_method; content:"/matinrco/tor/releases/download/v0.4.5.10/tor-expert-bundle-v0.4.5.10.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3213897/; classtype:trojan-activity;sid:84076997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3213563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.247.214.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3213563/; classtype:trojan-activity;sid:84076663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3213507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.247.214.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3213507/; classtype:trojan-activity;sid:84076607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208612)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ewpeloxttug.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208612/; classtype:trojan-activity;sid:84071712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208614)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rstxdhuj.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208614/; classtype:trojan-activity;sid:84071714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208610)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/newbundle2.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208610/; classtype:trojan-activity;sid:84071710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208611)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummetc.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208611/; classtype:trojan-activity;sid:84071711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208605)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lgendpremium.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208605/; classtype:trojan-activity;sid:84071705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208603)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/deliciouspart.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208603/; classtype:trojan-activity;sid:84071703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208604)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pkcontent.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208604/; classtype:trojan-activity;sid:84071704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208315)"; flow:established,from_client; content:"GET"; http_method; content:"/download/3d%20builder_12_1201419.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"znrq.zifwxq.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208315/; classtype:trojan-activity;sid:84071415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208139)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.196.95.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208139/; classtype:trojan-activity;sid:84071239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3207955)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.14.126.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3207955/; classtype:trojan-activity;sid:84071055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3206293)"; flow:established,from_client; content:"GET"; http_method; content:"/ox2fa/justnow/refs/heads/main/2pac.php"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3206293/; classtype:trojan-activity;sid:84069393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.176.50.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204753/; classtype:trojan-activity;sid:84067853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.176.50.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204733/; classtype:trojan-activity;sid:84067833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3203017)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/f3dll.txt"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_01; reference:url, urlhaus.abuse.ch/url/3203017/; classtype:trojan-activity;sid:84066117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202083)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/envs/dj1.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202083/; classtype:trojan-activity;sid:84065183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3201686)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=18-jwgmnsvcsyj0vhz_f9cqmqhwd-8fq8"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3201686/; classtype:trojan-activity;sid:84064786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3200548)"; flow:established,from_client; content:"GET"; http_method; content:"/slinky/slinkycrack.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"crystalpvp.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_29; reference:url, urlhaus.abuse.ch/url/3200548/; classtype:trojan-activity;sid:84063648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198896)"; flow:established,from_client; content:"GET"; http_method; content:"/itplan.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198896/; classtype:trojan-activity;sid:84061996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198884)"; flow:established,from_client; content:"GET"; http_method; content:"/itplan.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198884/; classtype:trojan-activity;sid:84061984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198873)"; flow:established,from_client; content:"GET"; http_method; content:"/it_plan_cifs.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198873/; classtype:trojan-activity;sid:84061973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198849)"; flow:established,from_client; content:"GET"; http_method; content:"/tstory.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198849/; classtype:trojan-activity;sid:84061949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198764)"; flow:established,from_client; content:"GET"; http_method; content:"/host.out"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.50.0.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198764/; classtype:trojan-activity;sid:84061864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198759)"; flow:established,from_client; content:"GET"; http_method; content:"/psexec64.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198759/; classtype:trojan-activity;sid:84061859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198753)"; flow:established,from_client; content:"GET"; http_method; content:"/pinginfoview.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"139.198.15.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198753/; classtype:trojan-activity;sid:84061853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198713)"; flow:established,from_client; content:"GET"; http_method; content:"/tstory.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198713/; classtype:trojan-activity;sid:84061813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198696)"; flow:established,from_client; content:"GET"; http_method; content:"/cen22.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.100.33.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198696/; classtype:trojan-activity;sid:84061796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195888)"; flow:established,from_client; content:"GET"; http_method; content:"/dllgiris.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"78.188.137.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195888/; classtype:trojan-activity;sid:84058988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195887)"; flow:established,from_client; content:"GET"; http_method; content:"/dllgiris.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"212.98.231.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195887/; classtype:trojan-activity;sid:84058987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195883)"; flow:established,from_client; content:"GET"; http_method; content:"/scanport.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"139.198.15.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195883/; classtype:trojan-activity;sid:84058983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195851)"; flow:established,from_client; content:"GET"; http_method; content:"/hid.dll"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"112.124.28.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195851/; classtype:trojan-activity;sid:84058951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195849)"; flow:established,from_client; content:"GET"; http_method; content:"/nc.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.124.28.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195849/; classtype:trojan-activity;sid:84058949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195848)"; flow:established,from_client; content:"GET"; http_method; content:"/client-built.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"39.105.31.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195848/; classtype:trojan-activity;sid:84058948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195847)"; flow:established,from_client; content:"GET"; http_method; content:"/abc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"39.105.31.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195847/; classtype:trojan-activity;sid:84058947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195831)"; flow:established,from_client; content:"GET"; http_method; content:"/winbox/winbox.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.123.98.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195831/; classtype:trojan-activity;sid:84058931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195832)"; flow:established,from_client; content:"GET"; http_method; content:"/winbox/winbox.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.123.98.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195832/; classtype:trojan-activity;sid:84058932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195759)"; flow:established,from_client; content:"GET"; http_method; content:"/pornhub_downloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"43.240.65.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195759/; classtype:trojan-activity;sid:84058859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195736)"; flow:established,from_client; content:"GET"; http_method; content:"/fx8"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"123.57.250.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195736/; classtype:trojan-activity;sid:84058836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195292)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%b8%85%e7%90%86%e5%9e%83%e5%9c%be.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"39.103.217.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195292/; classtype:trojan-activity;sid:84058392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195274)"; flow:established,from_client; content:"GET"; http_method; content:"/pesinislem.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"78.186.157.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195274/; classtype:trojan-activity;sid:84058374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195275)"; flow:established,from_client; content:"GET"; http_method; content:"/pesinislem.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"212.156.209.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195275/; classtype:trojan-activity;sid:84058375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195257)"; flow:established,from_client; content:"GET"; http_method; content:"/fiddlersetup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.123.237.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195257/; classtype:trojan-activity;sid:84058357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195255)"; flow:established,from_client; content:"GET"; http_method; content:"/exsync.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.137.135.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195255/; classtype:trojan-activity;sid:84058355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195234)"; flow:established,from_client; content:"GET"; http_method; content:"/macro2.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195234/; classtype:trojan-activity;sid:84058334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195237)"; flow:established,from_client; content:"GET"; http_method; content:"/macro.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195237/; classtype:trojan-activity;sid:84058337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195221)"; flow:established,from_client; content:"GET"; http_method; content:"/ubolite_0.1.23.6055.chromium.mv3.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195221/; classtype:trojan-activity;sid:84058321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195215)"; flow:established,from_client; content:"GET"; http_method; content:"/utility.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195215/; classtype:trojan-activity;sid:84058315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195216)"; flow:established,from_client; content:"GET"; http_method; content:"/journal.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195216/; classtype:trojan-activity;sid:84058316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195217)"; flow:established,from_client; content:"GET"; http_method; content:"/monitor.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195217/; classtype:trojan-activity;sid:84058317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195218)"; flow:established,from_client; content:"GET"; http_method; content:"/documents.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195218/; classtype:trojan-activity;sid:84058318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195219)"; flow:established,from_client; content:"GET"; http_method; content:"/macro3.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195219/; classtype:trojan-activity;sid:84058319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195220)"; flow:established,from_client; content:"GET"; http_method; content:"/bypass.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195220/; classtype:trojan-activity;sid:84058320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195211)"; flow:established,from_client; content:"GET"; http_method; content:"/macro.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195211/; classtype:trojan-activity;sid:84058311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195212)"; flow:established,from_client; content:"GET"; http_method; content:"/tracker.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195212/; classtype:trojan-activity;sid:84058312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195213)"; flow:established,from_client; content:"GET"; http_method; content:"/excel.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195213/; classtype:trojan-activity;sid:84058313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195214)"; flow:established,from_client; content:"GET"; http_method; content:"/setup.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195214/; classtype:trojan-activity;sid:84058314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195210)"; flow:established,from_client; content:"GET"; http_method; content:"/prototype2.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195210/; classtype:trojan-activity;sid:84058310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195204)"; flow:established,from_client; content:"GET"; http_method; content:"/launcher.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195204/; classtype:trojan-activity;sid:84058304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195205)"; flow:established,from_client; content:"GET"; http_method; content:"/documentsexe.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195205/; classtype:trojan-activity;sid:84058305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195206)"; flow:established,from_client; content:"GET"; http_method; content:"/organiser3.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195206/; classtype:trojan-activity;sid:84058306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195207)"; flow:established,from_client; content:"GET"; http_method; content:"/beta2.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195207/; classtype:trojan-activity;sid:84058307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195198)"; flow:established,from_client; content:"GET"; http_method; content:"/organiser2.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195198/; classtype:trojan-activity;sid:84058298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195199)"; flow:established,from_client; content:"GET"; http_method; content:"/extension2.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195199/; classtype:trojan-activity;sid:84058299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195200)"; flow:established,from_client; content:"GET"; http_method; content:"/accounts.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195200/; classtype:trojan-activity;sid:84058300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195201)"; flow:established,from_client; content:"GET"; http_method; content:"/trial.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195201/; classtype:trojan-activity;sid:84058301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195202)"; flow:established,from_client; content:"GET"; http_method; content:"/extension.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195202/; classtype:trojan-activity;sid:84058302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195203)"; flow:established,from_client; content:"GET"; http_method; content:"/prototype.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195203/; classtype:trojan-activity;sid:84058303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195187)"; flow:established,from_client; content:"GET"; http_method; content:"/journal.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195187/; classtype:trojan-activity;sid:84058287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195188)"; flow:established,from_client; content:"GET"; http_method; content:"/monitor.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195188/; classtype:trojan-activity;sid:84058288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195189)"; flow:established,from_client; content:"GET"; http_method; content:"/utility2.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195189/; classtype:trojan-activity;sid:84058289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195190)"; flow:established,from_client; content:"GET"; http_method; content:"/avos.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195190/; classtype:trojan-activity;sid:84058290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195177)"; flow:established,from_client; content:"GET"; http_method; content:"/charter.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195177/; classtype:trojan-activity;sid:84058277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195179)"; flow:established,from_client; content:"GET"; http_method; content:"/excel.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195179/; classtype:trojan-activity;sid:84058279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195183)"; flow:established,from_client; content:"GET"; http_method; content:"/prototype.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195183/; classtype:trojan-activity;sid:84058283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195185)"; flow:established,from_client; content:"GET"; http_method; content:"/macro2.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195185/; classtype:trojan-activity;sid:84058285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195186)"; flow:established,from_client; content:"GET"; http_method; content:"/uploader.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195186/; classtype:trojan-activity;sid:84058286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195168)"; flow:established,from_client; content:"GET"; http_method; content:"/launcher.elf"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195168/; classtype:trojan-activity;sid:84058268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195169)"; flow:established,from_client; content:"GET"; http_method; content:"/uploader.elf"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195169/; classtype:trojan-activity;sid:84058269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195170)"; flow:established,from_client; content:"GET"; http_method; content:"/service.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195170/; classtype:trojan-activity;sid:84058270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195171)"; flow:established,from_client; content:"GET"; http_method; content:"/icon.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195171/; classtype:trojan-activity;sid:84058271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195172)"; flow:established,from_client; content:"GET"; http_method; content:"/extension2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195172/; classtype:trojan-activity;sid:84058272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195173)"; flow:established,from_client; content:"GET"; http_method; content:"/organiser.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195173/; classtype:trojan-activity;sid:84058273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195174)"; flow:established,from_client; content:"GET"; http_method; content:"/tracker.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195174/; classtype:trojan-activity;sid:84058274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195175)"; flow:established,from_client; content:"GET"; http_method; content:"/utility3.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195175/; classtype:trojan-activity;sid:84058275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195176)"; flow:established,from_client; content:"GET"; http_method; content:"/meeting.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195176/; classtype:trojan-activity;sid:84058276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195166)"; flow:established,from_client; content:"GET"; http_method; content:"/aact.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"218.22.21.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195166/; classtype:trojan-activity;sid:84058266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195157)"; flow:established,from_client; content:"GET"; http_method; content:"/chromesetup.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195157/; classtype:trojan-activity;sid:84058257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195151)"; flow:established,from_client; content:"GET"; http_method; content:"/aq.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195151/; classtype:trojan-activity;sid:84058251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3193861)"; flow:established,from_client; content:"GET"; http_method; content:"/massgravel/microsoft-activation-scripts/b1b5299c4725d97349b18b59061647198f7cc59b/mas/all-in-one-version-kl/mas_aio.cmd"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_27; reference:url, urlhaus.abuse.ch/url/3193861/; classtype:trojan-activity;sid:84056961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192740)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192740/; classtype:trojan-activity;sid:84055840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192738)"; flow:established,from_client; content:"GET"; http_method; content:"/sq1mon-v.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192738/; classtype:trojan-activity;sid:84055838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192737)"; flow:established,from_client; content:"GET"; http_method; content:"/library.so"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192737/; classtype:trojan-activity;sid:84055837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192735)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192735/; classtype:trojan-activity;sid:84055835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192736)"; flow:established,from_client; content:"GET"; http_method; content:"/data.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192736/; classtype:trojan-activity;sid:84055836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192734)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192734/; classtype:trojan-activity;sid:84055834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192733)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon_lagacy.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192733/; classtype:trojan-activity;sid:84055833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192732)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192732/; classtype:trojan-activity;sid:84055832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192730)"; flow:established,from_client; content:"GET"; http_method; content:"/cabbage.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192730/; classtype:trojan-activity;sid:84055830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192568)"; flow:established,from_client; content:"GET"; http_method; content:"/mimikatz_trunk/win32/mimikatz.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"120.25.163.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192568/; classtype:trojan-activity;sid:84055668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190997)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190997/; classtype:trojan-activity;sid:84054097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190969)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.50.95.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190969/; classtype:trojan-activity;sid:84054069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190945)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.206.151.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190945/; classtype:trojan-activity;sid:84054045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190775)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190775/; classtype:trojan-activity;sid:84053875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190704)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190704/; classtype:trojan-activity;sid:84053804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190662)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader1.1.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"43.240.65.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190662/; classtype:trojan-activity;sid:84053762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190652)"; flow:established,from_client; content:"GET"; http_method; content:"/pornhub_downloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.206.151.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190652/; classtype:trojan-activity;sid:84053752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190651)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader1.1.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.206.151.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190651/; classtype:trojan-activity;sid:84053751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190642)"; flow:established,from_client; content:"GET"; http_method; content:"/pornhub_downloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.92.101.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190642/; classtype:trojan-activity;sid:84053742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190640)"; flow:established,from_client; content:"GET"; http_method; content:"/sysloader.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"8.138.81.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190640/; classtype:trojan-activity;sid:84053740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190579)"; flow:established,from_client; content:"GET"; http_method; content:"/nn"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"23.95.79.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190579/; classtype:trojan-activity;sid:84053679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190578)"; flow:established,from_client; content:"GET"; http_method; content:"/cnrig"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.95.79.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190578/; classtype:trojan-activity;sid:84053678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190347)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190347/; classtype:trojan-activity;sid:84053447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190343)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190343/; classtype:trojan-activity;sid:84053443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190344)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"110.239.6.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190344/; classtype:trojan-activity;sid:84053444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190338)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190338/; classtype:trojan-activity;sid:84053438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190326)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190326/; classtype:trojan-activity;sid:84053426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190327)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190327/; classtype:trojan-activity;sid:84053427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190328)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190328/; classtype:trojan-activity;sid:84053428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190331)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190331/; classtype:trojan-activity;sid:84053431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190332)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190332/; classtype:trojan-activity;sid:84053432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190333)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"110.239.6.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190333/; classtype:trojan-activity;sid:84053433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190335)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190335/; classtype:trojan-activity;sid:84053435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190336)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190336/; classtype:trojan-activity;sid:84053436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190325)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190325/; classtype:trojan-activity;sid:84053425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190320)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190320/; classtype:trojan-activity;sid:84053420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190321)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190321/; classtype:trojan-activity;sid:84053421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190322)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190322/; classtype:trojan-activity;sid:84053422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190323)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190323/; classtype:trojan-activity;sid:84053423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190316)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190316/; classtype:trojan-activity;sid:84053416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190317)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190317/; classtype:trojan-activity;sid:84053417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190318)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190318/; classtype:trojan-activity;sid:84053418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190319)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190319/; classtype:trojan-activity;sid:84053419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189365)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/installeraus.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189365/; classtype:trojan-activity;sid:84052465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189290)"; flow:established,from_client; content:"GET"; http_method; content:"/2009/mdagfqvaa2gkfvxxponi.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189290/; classtype:trojan-activity;sid:84052390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189225)"; flow:established,from_client; content:"GET"; http_method; content:"/unknwon1352/qawfdasfaw/main/software.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189225/; classtype:trojan-activity;sid:84052325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3188620)"; flow:established,from_client; content:"GET"; http_method; content:"/repository/aa_v3.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"83.149.17.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3188620/; classtype:trojan-activity;sid:84051720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3188034)"; flow:established,from_client; content:"GET"; http_method; content:"/blueskyxn/changesource/master/besttrace"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3188034/; classtype:trojan-activity;sid:84051134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187582)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/temp/_rels/key.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"pb.agnt.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187582/; classtype:trojan-activity;sid:84050682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187580)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/blackload.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187580/; classtype:trojan-activity;sid:84050680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187576)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/unison.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187576/; classtype:trojan-activity;sid:84050676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187577)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winrarinstall.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187577/; classtype:trojan-activity;sid:84050677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187575)"; flow:established,from_client; content:"GET"; http_method; content:"/7z.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"down.mvip8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187575/; classtype:trojan-activity;sid:84050675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187570)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ufw.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187570/; classtype:trojan-activity;sid:84050670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187553)"; flow:established,from_client; content:"GET"; http_method; content:"/download/%e5%9b%9b%e6%96%b9%e5%b9%b3%e5%8f%b0-%e5%8d%a1%e5%95%86%e7%ab%af.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"sms-szfang.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187553/; classtype:trojan-activity;sid:84050653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186577)"; flow:established,from_client; content:"GET"; http_method; content:"/kmsauto%20net%202016%20v1.5.0%20portable.rar"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"212.39.67.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186577/; classtype:trojan-activity;sid:84049677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186441)"; flow:established,from_client; content:"GET"; http_method; content:"/dxl_win_tool_v9.6.iso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186441/; classtype:trojan-activity;sid:84049541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186440)"; flow:established,from_client; content:"GET"; http_method; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.iso"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186440/; classtype:trojan-activity;sid:84049540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186433)"; flow:established,from_client; content:"GET"; http_method; content:"/1_dxl_win_tool_v9.6.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186433/; classtype:trojan-activity;sid:84049533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186432)"; flow:established,from_client; content:"GET"; http_method; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.iso"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186432/; classtype:trojan-activity;sid:84049532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186431)"; flow:established,from_client; content:"GET"; http_method; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186431/; classtype:trojan-activity;sid:84049531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186430)"; flow:established,from_client; content:"GET"; http_method; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186430/; classtype:trojan-activity;sid:84049530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186429)"; flow:established,from_client; content:"GET"; http_method; content:"/dxl_win_tool_v9.4.iso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186429/; classtype:trojan-activity;sid:84049529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186426)"; flow:established,from_client; content:"GET"; http_method; content:"/1_dxl_windowsport.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186426/; classtype:trojan-activity;sid:84049526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186427)"; flow:established,from_client; content:"GET"; http_method; content:"/dxl_win_tool_v9.6.iso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186427/; classtype:trojan-activity;sid:84049527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185948)"; flow:established,from_client; content:"GET"; http_method; content:"//macro.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185948/; classtype:trojan-activity;sid:84049048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185946)"; flow:established,from_client; content:"GET"; http_method; content:"//ubolite_0.1.23.6055.chromium.mv3.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185946/; classtype:trojan-activity;sid:84049046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185944)"; flow:established,from_client; content:"GET"; http_method; content:"//beta2.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185944/; classtype:trojan-activity;sid:84049044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185938)"; flow:established,from_client; content:"GET"; http_method; content:"//prototype.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185938/; classtype:trojan-activity;sid:84049038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185939)"; flow:established,from_client; content:"GET"; http_method; content:"//prototype2.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185939/; classtype:trojan-activity;sid:84049039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185940)"; flow:established,from_client; content:"GET"; http_method; content:"//journal.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185940/; classtype:trojan-activity;sid:84049040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185942)"; flow:established,from_client; content:"GET"; http_method; content:"//tracker.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185942/; classtype:trojan-activity;sid:84049042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185943)"; flow:established,from_client; content:"GET"; http_method; content:"//extension2.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185943/; classtype:trojan-activity;sid:84049043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185935)"; flow:established,from_client; content:"GET"; http_method; content:"//monitor.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185935/; classtype:trojan-activity;sid:84049035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185936)"; flow:established,from_client; content:"GET"; http_method; content:"//utility3.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185936/; classtype:trojan-activity;sid:84049036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185937)"; flow:established,from_client; content:"GET"; http_method; content:"//trial.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185937/; classtype:trojan-activity;sid:84049037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185934)"; flow:established,from_client; content:"GET"; http_method; content:"//organiser3.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185934/; classtype:trojan-activity;sid:84049034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185927)"; flow:established,from_client; content:"GET"; http_method; content:"//organiser2.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185927/; classtype:trojan-activity;sid:84049027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185928)"; flow:established,from_client; content:"GET"; http_method; content:"//service.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185928/; classtype:trojan-activity;sid:84049028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185930)"; flow:established,from_client; content:"GET"; http_method; content:"//launcher.elf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185930/; classtype:trojan-activity;sid:84049030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185931)"; flow:established,from_client; content:"GET"; http_method; content:"//utility2.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185931/; classtype:trojan-activity;sid:84049031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185932)"; flow:established,from_client; content:"GET"; http_method; content:"//utility.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185932/; classtype:trojan-activity;sid:84049032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185933)"; flow:established,from_client; content:"GET"; http_method; content:"//setup.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185933/; classtype:trojan-activity;sid:84049033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185926)"; flow:established,from_client; content:"GET"; http_method; content:"//excel.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185926/; classtype:trojan-activity;sid:84049026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185924)"; flow:established,from_client; content:"GET"; http_method; content:"//uploader.elf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185924/; classtype:trojan-activity;sid:84049024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185922)"; flow:established,from_client; content:"GET"; http_method; content:"//meeting.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185922/; classtype:trojan-activity;sid:84049022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185920)"; flow:established,from_client; content:"GET"; http_method; content:"//prototype.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185920/; classtype:trojan-activity;sid:84049020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185912)"; flow:established,from_client; content:"GET"; http_method; content:"//tracker.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185912/; classtype:trojan-activity;sid:84049012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185913)"; flow:established,from_client; content:"GET"; http_method; content:"//extension.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185913/; classtype:trojan-activity;sid:84049013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185914)"; flow:established,from_client; content:"GET"; http_method; content:"//organiser.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185914/; classtype:trojan-activity;sid:84049014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185916)"; flow:established,from_client; content:"GET"; http_method; content:"//charter.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185916/; classtype:trojan-activity;sid:84049016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185917)"; flow:established,from_client; content:"GET"; http_method; content:"//accounts.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185917/; classtype:trojan-activity;sid:84049017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185918)"; flow:established,from_client; content:"GET"; http_method; content:"//journal.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185918/; classtype:trojan-activity;sid:84049018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185919)"; flow:established,from_client; content:"GET"; http_method; content:"//uploader.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185919/; classtype:trojan-activity;sid:84049019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185909)"; flow:established,from_client; content:"GET"; http_method; content:"//excel.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185909/; classtype:trojan-activity;sid:84049009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185910)"; flow:established,from_client; content:"GET"; http_method; content:"//icon.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185910/; classtype:trojan-activity;sid:84049010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185911)"; flow:established,from_client; content:"GET"; http_method; content:"//extension2.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185911/; classtype:trojan-activity;sid:84049011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185853)"; flow:established,from_client; content:"GET"; http_method; content:"/mysqld.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.238.84.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185853/; classtype:trojan-activity;sid:84048953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185567)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/rf.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185567/; classtype:trojan-activity;sid:84048667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185560)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/j1.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185560/; classtype:trojan-activity;sid:84048660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185564)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/k1r.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185564/; classtype:trojan-activity;sid:84048664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184777)"; flow:established,from_client; content:"GET"; http_method; content:"/autoupdate/hostfile/game.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"103.110.33.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184777/; classtype:trojan-activity;sid:84047877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184776)"; flow:established,from_client; content:"GET"; http_method; content:"/autoupdate/hostfile/config.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"103.110.33.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184776/; classtype:trojan-activity;sid:84047876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184769)"; flow:established,from_client; content:"GET"; http_method; content:"/autoupdate/hostfile/autoupdate.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"103.110.33.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184769/; classtype:trojan-activity;sid:84047869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184301)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/needmoney.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184301/; classtype:trojan-activity;sid:84047401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184299)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/firefox.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184299/; classtype:trojan-activity;sid:84047399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184293)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/microsoft.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184293/; classtype:trojan-activity;sid:84047393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184284)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummac222222.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184284/; classtype:trojan-activity;sid:84047384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182627)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.i586"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182627/; classtype:trojan-activity;sid:84045727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182626)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.armv7l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182626/; classtype:trojan-activity;sid:84045726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182622)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.mipsel"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182622/; classtype:trojan-activity;sid:84045722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182623)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.armv5l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182623/; classtype:trojan-activity;sid:84045723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182624)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.armv6l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182624/; classtype:trojan-activity;sid:84045724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3176961)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/amadeus.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_16; reference:url, urlhaus.abuse.ch/url/3176961/; classtype:trojan-activity;sid:84040061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3176887)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/clip.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_16; reference:url, urlhaus.abuse.ch/url/3176887/; classtype:trojan-activity;sid:84039987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175721)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175721/; classtype:trojan-activity;sid:84038821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175712)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175712/; classtype:trojan-activity;sid:84038812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175659)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.46.176.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175659/; classtype:trojan-activity;sid:84038759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175566)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.46.176.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175566/; classtype:trojan-activity;sid:84038666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175448)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175448/; classtype:trojan-activity;sid:84038548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175437)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175437/; classtype:trojan-activity;sid:84038537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175403)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175403/; classtype:trojan-activity;sid:84038503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175393)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.46.176.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175393/; classtype:trojan-activity;sid:84038493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175280)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175280/; classtype:trojan-activity;sid:84038380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175149)"; flow:established,from_client; content:"GET"; http_method; content:"/load.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8.138.81.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175149/; classtype:trojan-activity;sid:84038249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175134)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"122.51.183.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175134/; classtype:trojan-activity;sid:84038234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175124)"; flow:established,from_client; content:"GET"; http_method; content:"/build.config"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"8.138.81.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175124/; classtype:trojan-activity;sid:84038224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175127)"; flow:established,from_client; content:"GET"; http_method; content:"/setup.bat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"8.138.81.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175127/; classtype:trojan-activity;sid:84038227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175111)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175111/; classtype:trojan-activity;sid:84038211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175104)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175104/; classtype:trojan-activity;sid:84038204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175105)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175105/; classtype:trojan-activity;sid:84038205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175106/; classtype:trojan-activity;sid:84038206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175107)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175107/; classtype:trojan-activity;sid:84038207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175108/; classtype:trojan-activity;sid:84038208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174586)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bitcoincore.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174586/; classtype:trojan-activity;sid:84037686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174584)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/8.11.9-windows.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174584/; classtype:trojan-activity;sid:84037684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174582)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/s%d0%b5tup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174582/; classtype:trojan-activity;sid:84037682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174581)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/broadcom5.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174581/; classtype:trojan-activity;sid:84037681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174580)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pyld64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174580/; classtype:trojan-activity;sid:84037680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174579)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/client_protected.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174579/; classtype:trojan-activity;sid:84037679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174578)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/freedom.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174578/; classtype:trojan-activity;sid:84037678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174576)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rms1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174576/; classtype:trojan-activity;sid:84037676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174574)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pichon.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174574/; classtype:trojan-activity;sid:84037674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174575)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gift-info.lmg.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174575/; classtype:trojan-activity;sid:84037675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174573)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cclent.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174573/; classtype:trojan-activity;sid:84037673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174572)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pyl64.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174572/; classtype:trojan-activity;sid:84037672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174570)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bandwidth_monitor.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174570/; classtype:trojan-activity;sid:84037670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174569)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/whiteheroin.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174569/; classtype:trojan-activity;sid:84037669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174568)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/hvnc1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174568/; classtype:trojan-activity;sid:84037668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174566)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ghost_0x000263826b9a9b91.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174566/; classtype:trojan-activity;sid:84037666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174567)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/morphic.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174567/; classtype:trojan-activity;sid:84037667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174564)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cnyvvl.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174564/; classtype:trojan-activity;sid:84037664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174565)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xclient_protected.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174565/; classtype:trojan-activity;sid:84037665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174560)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/resex.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174560/; classtype:trojan-activity;sid:84037660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174561)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5knchalah.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174561/; classtype:trojan-activity;sid:84037661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174556)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5_6253708004881862888.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174556/; classtype:trojan-activity;sid:84037656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174523)"; flow:established,from_client; content:"GET"; http_method; content:"/scribblercoder/browserthief/main/browserthief.ps1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174523/; classtype:trojan-activity;sid:84037623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174501)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/splwow64.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174501/; classtype:trojan-activity;sid:84037601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174496)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bundle.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174496/; classtype:trojan-activity;sid:84037596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174498)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/penis.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174498/; classtype:trojan-activity;sid:84037598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174493)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vlst.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174493/; classtype:trojan-activity;sid:84037593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174406)"; flow:established,from_client; content:"GET"; http_method; content:"/winring0x64.sys"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.173.254.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174406/; classtype:trojan-activity;sid:84037506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174364)"; flow:established,from_client; content:"GET"; http_method; content:"/foru.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tecunonline.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174364/; classtype:trojan-activity;sid:84037464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174340)"; flow:established,from_client; content:"GET"; http_method; content:"/foru.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.tecunonline.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174340/; classtype:trojan-activity;sid:84037440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174318)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174318/; classtype:trojan-activity;sid:84037418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174319)"; flow:established,from_client; content:"GET"; http_method; content:"/tsh4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174319/; classtype:trojan-activity;sid:84037419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174320)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174320/; classtype:trojan-activity;sid:84037420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174264)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174264/; classtype:trojan-activity;sid:84037364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3173868)"; flow:established,from_client; content:"GET"; http_method; content:"/file.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3173868/; classtype:trojan-activity;sid:84036968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172268)"; flow:established,from_client; content:"GET"; http_method; content:"/taskmgr.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.173.254.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172268/; classtype:trojan-activity;sid:84035368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172240)"; flow:established,from_client; content:"GET"; http_method; content:"/techsavvysenior/referralreactjs/archive/refs/heads/main.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172240/; classtype:trojan-activity;sid:84035340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3171183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.16.102.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3171183/; classtype:trojan-activity;sid:84034283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3169080)"; flow:established,from_client; content:"GET"; http_method; content:"/tenants/135790374f46b0107c516a5f5e13069b/5e5f800fdf87209fdf8f9b61441e53a1/linux/x64/stable/install.sh"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"download.cudo.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_09_12; reference:url, urlhaus.abuse.ch/url/3169080/; classtype:trojan-activity;sid:84032180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165794)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165794/; classtype:trojan-activity;sid:84028894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165791)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165791/; classtype:trojan-activity;sid:84028891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165792)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165792/; classtype:trojan-activity;sid:84028892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165778)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165778/; classtype:trojan-activity;sid:84028878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165779)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165779/; classtype:trojan-activity;sid:84028879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165781)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.powerpc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165781/; classtype:trojan-activity;sid:84028881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165784)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.sparc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165784/; classtype:trojan-activity;sid:84028884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165785)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.mipsel"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165785/; classtype:trojan-activity;sid:84028885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165787)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165787/; classtype:trojan-activity;sid:84028887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165790)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165790/; classtype:trojan-activity;sid:84028890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3163568)"; flow:established,from_client; content:"GET"; http_method; content:"/avoslocker.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_09; reference:url, urlhaus.abuse.ch/url/3163568/; classtype:trojan-activity;sid:84026668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3163237)"; flow:established,from_client; content:"GET"; http_method; content:"/avastavv.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avastop.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_09; reference:url, urlhaus.abuse.ch/url/3163237/; classtype:trojan-activity;sid:84026337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3163126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.16.102.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_08; reference:url, urlhaus.abuse.ch/url/3163126/; classtype:trojan-activity;sid:84026226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156454)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"122.51.75.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156454/; classtype:trojan-activity;sid:84019554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156256)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/6ixcgyundte9indcrjg0.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156256/; classtype:trojan-activity;sid:84019356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156257)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/omf035w09jhsw3qim7yy.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156257/; classtype:trojan-activity;sid:84019357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156258)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/s"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156258/; classtype:trojan-activity;sid:84019358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156259)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/file"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156259/; classtype:trojan-activity;sid:84019359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156260)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/obaqiquigeflou8dltcj.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156260/; classtype:trojan-activity;sid:84019360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156261)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/spkld0pht5zkdb7062ql.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156261/; classtype:trojan-activity;sid:84019361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156246)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/u9iczzb5fm5owwojnw5q.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156246/; classtype:trojan-activity;sid:84019346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156249)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/e96h9t9y6mvvm4pyti8p.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156249/; classtype:trojan-activity;sid:84019349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156251)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/r"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156251/; classtype:trojan-activity;sid:84019351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156252)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/thxb4tu1jp1fqqfsqky1.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156252/; classtype:trojan-activity;sid:84019352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156254)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/hn9om6j1c9ycqkei5xe2.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156254/; classtype:trojan-activity;sid:84019354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156255)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/t8eceab2kwpje4vdedzb.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156255/; classtype:trojan-activity;sid:84019355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156244)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/kyorihrhn8gphiz4be4p.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156244/; classtype:trojan-activity;sid:84019344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156245)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/xdz2maxjk6goovrsde3u.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156245/; classtype:trojan-activity;sid:84019345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156234)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/t8eceab2kwpje4vdedzb.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156234/; classtype:trojan-activity;sid:84019334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156235)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/6ixcgyundte9indcrjg0.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156235/; classtype:trojan-activity;sid:84019335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156241)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/l8dnezoixbihmshsbj12.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156241/; classtype:trojan-activity;sid:84019341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156232)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/omf035w09jhsw3qim7yy.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156232/; classtype:trojan-activity;sid:84019332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156226)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/hn9om6j1c9ycqkei5xe2.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156226/; classtype:trojan-activity;sid:84019326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156227)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/xdz2maxjk6goovrsde3u.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156227/; classtype:trojan-activity;sid:84019327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156228)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/kyorihrhn8gphiz4be4p.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156228/; classtype:trojan-activity;sid:84019328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156231)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/u9iczzb5fm5owwojnw5q.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156231/; classtype:trojan-activity;sid:84019331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156225)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/obaqiquigeflou8dltcj.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156225/; classtype:trojan-activity;sid:84019325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3154718)"; flow:established,from_client; content:"GET"; http_method; content:"/hackirby/discord-injection/main/injection.js"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_03; reference:url, urlhaus.abuse.ch/url/3154718/; classtype:trojan-activity;sid:84017818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153312)"; flow:established,from_client; content:"GET"; http_method; content:"/jndiexploit-0x727-1.3-snapshot.jar"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"8.219.134.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153312/; classtype:trojan-activity;sid:84016412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153310)"; flow:established,from_client; content:"GET"; http_method; content:"/fastjson.class"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.219.134.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153310/; classtype:trojan-activity;sid:84016410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138431)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.177.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138431/; classtype:trojan-activity;sid:84001531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138430)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.177.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138430/; classtype:trojan-activity;sid:84001530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138428)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.177.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138428/; classtype:trojan-activity;sid:84001528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138429)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.177.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138429/; classtype:trojan-activity;sid:84001529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138426)"; flow:established,from_client; content:"GET"; http_method; content:"/clean"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.156.177.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138426/; classtype:trojan-activity;sid:84001526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138268)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.156.177.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138268/; classtype:trojan-activity;sid:84001368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3137563)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.224.162.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_31; reference:url, urlhaus.abuse.ch/url/3137563/; classtype:trojan-activity;sid:84000663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135730)"; flow:established,from_client; content:"GET"; http_method; content:"/miners/myxmrig.tgz"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"do-dear.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135730/; classtype:trojan-activity;sid:83998830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135722)"; flow:established,from_client; content:"GET"; http_method; content:"/sosinchik/asd/main/zoom.py"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135722/; classtype:trojan-activity;sid:83998822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135724)"; flow:established,from_client; content:"GET"; http_method; content:"/moneroocean/xmrig_setup/master/setup_moneroocean_miner.sh"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135724/; classtype:trojan-activity;sid:83998824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135725)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dsfuwqu/main/zombie"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135725/; classtype:trojan-activity;sid:83998825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135613)"; flow:established,from_client; content:"GET"; http_method; content:"/log/orgn.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"epanpano.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135613/; classtype:trojan-activity;sid:83998713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134374)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/wnbsqv3008.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"soft.wsyhn.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134374/; classtype:trojan-activity;sid:83997474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134371)"; flow:established,from_client; content:"GET"; http_method; content:"/qqhelper_1540.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"down.qqfarmer.com.cn"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134371/; classtype:trojan-activity;sid:83997471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134368)"; flow:established,from_client; content:"GET"; http_method; content:"/login/1188%e7%83%88%e7%84%b0.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"cdn.ly.9377.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134368/; classtype:trojan-activity;sid:83997468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129654)"; flow:established,from_client; content:"GET"; http_method; content:"/nova_flow/patcher.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"144.172.71.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129654/; classtype:trojan-activity;sid:83992754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129592)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%8b%8d%e7%89%8c%e4%b8%93%e4%b8%9a%e7%89%88.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"ini.sh-pp.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129592/; classtype:trojan-activity;sid:83992692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129577)"; flow:established,from_client; content:"GET"; http_method; content:"/pages/update/css/self/[upg]css.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"cs.go.kg"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129577/; classtype:trojan-activity;sid:83992677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129478)"; flow:established,from_client; content:"GET"; http_method; content:"/zoldownload/foobar2000_v1.6.7_beta_17@1704_129472.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"down10d.zol.com.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129478/; classtype:trojan-activity;sid:83992578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129422)"; flow:established,from_client; content:"GET"; http_method; content:"/tjqdq.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.249.193.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129422/; classtype:trojan-activity;sid:83992522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129421)"; flow:established,from_client; content:"GET"; http_method; content:"/test/restart1.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.aqianniao.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129421/; classtype:trojan-activity;sid:83992521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129417)"; flow:established,from_client; content:"GET"; http_method; content:"/asmedises/pxray_cast_sort.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.medises.co.kr"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129417/; classtype:trojan-activity;sid:83992517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129223)"; flow:established,from_client; content:"GET"; http_method; content:"/enp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adf6.adf6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129223/; classtype:trojan-activity;sid:83992323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129220)"; flow:established,from_client; content:"GET"; http_method; content:"/media/mod_junewsultra/js/bootstrap/js/bootstrap.min.js"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"temirtau-adm.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129220/; classtype:trojan-activity;sid:83992320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129042)"; flow:established,from_client; content:"GET"; http_method; content:"/yuta1111x/selfbot/04ecdf46e8db9fce689d93905d759334b475c825/aquarius.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129042/; classtype:trojan-activity;sid:83992142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3128969)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/k1.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3128969/; classtype:trojan-activity;sid:83992069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3128962)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/a1.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3128962/; classtype:trojan-activity;sid:83992062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3128963)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/x2.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3128963/; classtype:trojan-activity;sid:83992063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3128964)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/ark.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3128964/; classtype:trojan-activity;sid:83992064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127950)"; flow:established,from_client; content:"GET"; http_method; content:"/greetings/greetings1/wow.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127950/; classtype:trojan-activity;sid:83991050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127898)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pyld611114.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127898/; classtype:trojan-activity;sid:83990998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127897)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/identification-1.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127897/; classtype:trojan-activity;sid:83990997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127896)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/purlog.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127896/; classtype:trojan-activity;sid:83990996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127895)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/baddstore.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127895/; classtype:trojan-activity;sid:83990995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127894)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mswgoudnv.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127894/; classtype:trojan-activity;sid:83990994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127893)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ven_protected.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127893/; classtype:trojan-activity;sid:83990993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127892)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/surfex.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127892/; classtype:trojan-activity;sid:83990992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127891)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gagagggagagag.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127891/; classtype:trojan-activity;sid:83990991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127795)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/install2.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127795/; classtype:trojan-activity;sid:83990895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127794)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build9.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127794/; classtype:trojan-activity;sid:83990894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127791)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/t3.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127791/; classtype:trojan-activity;sid:83990891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127789)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winn.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127789/; classtype:trojan-activity;sid:83990889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127787)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/explorer.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127787/; classtype:trojan-activity;sid:83990887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127788)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/new1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127788/; classtype:trojan-activity;sid:83990888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3126010)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2021-3156.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"20.243.255.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3126010/; classtype:trojan-activity;sid:83989110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125901)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2021-3156.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"20.243.255.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125901/; classtype:trojan-activity;sid:83989001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125605)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/indentif.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125605/; classtype:trojan-activity;sid:83988705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125604)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/s%d0%b5tu%d1%80111.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125604/; classtype:trojan-activity;sid:83988704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125603)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xxxx.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125603/; classtype:trojan-activity;sid:83988703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125602)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/windowsui.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125602/; classtype:trojan-activity;sid:83988702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125601)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummac22222.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125601/; classtype:trojan-activity;sid:83988701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125598)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_default2.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125598/; classtype:trojan-activity;sid:83988698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3121905)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/caricatured.emz"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"jahez.me"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_08_22; reference:url, urlhaus.abuse.ch/url/3121905/; classtype:trojan-activity;sid:83985005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3121906)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/azdbzliddkt187.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"jahez.me"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_08_22; reference:url, urlhaus.abuse.ch/url/3121906/; classtype:trojan-activity;sid:83985006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3120967)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vn70wvxw.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_21; reference:url, urlhaus.abuse.ch/url/3120967/; classtype:trojan-activity;sid:83984067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3120608)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted8888.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_21; reference:url, urlhaus.abuse.ch/url/3120608/; classtype:trojan-activity;sid:83983708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3120496)"; flow:established,from_client; content:"GET"; http_method; content:"/download/ru/downloader.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ldcdn.ldmnq.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_21; reference:url, urlhaus.abuse.ch/url/3120496/; classtype:trojan-activity;sid:83983596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118418)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dtrade_v1.3.6.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118418/; classtype:trojan-activity;sid:83981518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118411)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_daval.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118411/; classtype:trojan-activity;sid:83981511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117673)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/meta.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117673/; classtype:trojan-activity;sid:83980773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117555)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/identification.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117555/; classtype:trojan-activity;sid:83980655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117553)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/channel.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117553/; classtype:trojan-activity;sid:83980653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117554)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/clcs.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117554/; classtype:trojan-activity;sid:83980654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117552)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/setup2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117552/; classtype:trojan-activity;sid:83980652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117551)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/seo.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117551/; classtype:trojan-activity;sid:83980651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117550)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/coreplugin.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117550/; classtype:trojan-activity;sid:83980650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117549)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/diskutility.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117549/; classtype:trojan-activity;sid:83980649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3116194)"; flow:established,from_client; content:"GET"; http_method; content:"/avastavv.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avastpx.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_19; reference:url, urlhaus.abuse.ch/url/3116194/; classtype:trojan-activity;sid:83979294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3115896)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/drchoe.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_19; reference:url, urlhaus.abuse.ch/url/3115896/; classtype:trojan-activity;sid:83978996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112853)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/set-up.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112853/; classtype:trojan-activity;sid:83975953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112844)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/battlegermany.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112844/; classtype:trojan-activity;sid:83975944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112728)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3546345.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112728/; classtype:trojan-activity;sid:83975828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112688)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/channel1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112688/; classtype:trojan-activity;sid:83975788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112427)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"190.104.213.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112427/; classtype:trojan-activity;sid:83975527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112426)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"200.29.120.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112426/; classtype:trojan-activity;sid:83975526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112419)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.182.76.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112419/; classtype:trojan-activity;sid:83975519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112420)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.182.76.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112420/; classtype:trojan-activity;sid:83975520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112410)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.118.19.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112410/; classtype:trojan-activity;sid:83975510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112411)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.118.19.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112411/; classtype:trojan-activity;sid:83975511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112412)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.118.19.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112412/; classtype:trojan-activity;sid:83975512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112414)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.118.19.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112414/; classtype:trojan-activity;sid:83975514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112415)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.118.19.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112415/; classtype:trojan-activity;sid:83975515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112417)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.121.250.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112417/; classtype:trojan-activity;sid:83975517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3111151)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/contorax.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3111151/; classtype:trojan-activity;sid:83974251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110939)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/survox.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110939/; classtype:trojan-activity;sid:83974039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110860)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.141.166.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110860/; classtype:trojan-activity;sid:83973960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110861)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110861/; classtype:trojan-activity;sid:83973961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110852)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.108.142.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110852/; classtype:trojan-activity;sid:83973952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110838)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"111.230.25.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110838/; classtype:trojan-activity;sid:83973938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110834)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.113.107.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110834/; classtype:trojan-activity;sid:83973934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110832)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.134.163.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110832/; classtype:trojan-activity;sid:83973932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110764)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.60.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110764/; classtype:trojan-activity;sid:83973864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110626)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.14.213.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110626/; classtype:trojan-activity;sid:83973726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110579)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.15.224.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110579/; classtype:trojan-activity;sid:83973679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110554)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.60.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110554/; classtype:trojan-activity;sid:83973654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110534)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.154.14.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110534/; classtype:trojan-activity;sid:83973634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110487)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/runtime.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110487/; classtype:trojan-activity;sid:83973587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110485)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gsprout.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110485/; classtype:trojan-activity;sid:83973585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110484)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stub.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110484/; classtype:trojan-activity;sid:83973584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110482)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/file1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110482/; classtype:trojan-activity;sid:83973582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110483)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/js.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110483/; classtype:trojan-activity;sid:83973583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110402)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mobiletrans.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110402/; classtype:trojan-activity;sid:83973502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110401)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zzzz1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110401/; classtype:trojan-activity;sid:83973501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110395)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/armanivenntii_crypted_easy.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110395/; classtype:trojan-activity;sid:83973495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110396)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5_6190317556063017550.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110396/; classtype:trojan-activity;sid:83973496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110397)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pctoccurred.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110397/; classtype:trojan-activity;sid:83973497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110398)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/doc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110398/; classtype:trojan-activity;sid:83973498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110399)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110399/; classtype:trojan-activity;sid:83973499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110400)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rorukal.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110400/; classtype:trojan-activity;sid:83973500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110389)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/northsperm.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110389/; classtype:trojan-activity;sid:83973489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110390)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mepaxil.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110390/; classtype:trojan-activity;sid:83973490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110391)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ukodbcdcl.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110391/; classtype:trojan-activity;sid:83973491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110393)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/scheduledllama.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110393/; classtype:trojan-activity;sid:83973493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110394)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/14082024.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110394/; classtype:trojan-activity;sid:83973494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109981)"; flow:established,from_client; content:"GET"; http_method; content:"/in/2041.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109981/; classtype:trojan-activity;sid:83973081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109982)"; flow:established,from_client; content:"GET"; http_method; content:"/in/204.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109982/; classtype:trojan-activity;sid:83973082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109980)"; flow:established,from_client; content:"GET"; http_method; content:"/in/d204.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109980/; classtype:trojan-activity;sid:83973080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.204.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109695/; classtype:trojan-activity;sid:83972795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109697)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109697/; classtype:trojan-activity;sid:83972797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.248.204.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109308/; classtype:trojan-activity;sid:83972408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.204.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109080/; classtype:trojan-activity;sid:83972180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109072)"; flow:established,from_client; content:"GET"; http_method; content:"/download/new_image/new_image.jpg"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"archive.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109072/; classtype:trojan-activity;sid:83972172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108504)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/webcam.dll"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108504/; classtype:trojan-activity;sid:83971604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108505)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/token%20grabber.dll"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108505/; classtype:trojan-activity;sid:83971605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108506)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/rootkit.dll"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108506/; classtype:trojan-activity;sid:83971606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108507)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/unrootkit.dll"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108507/; classtype:trojan-activity;sid:83971607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108503)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/passwordstealer.dll"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108503/; classtype:trojan-activity;sid:83971603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108502)"; flow:established,from_client; content:"GET"; http_method; content:"/openark/version.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"file.blackint3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108502/; classtype:trojan-activity;sid:83971602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108492)"; flow:established,from_client; content:"GET"; http_method; content:"/openark/openark64.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"file.blackint3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108492/; classtype:trojan-activity;sid:83971592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108459)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/robotic.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108459/; classtype:trojan-activity;sid:83971559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106840)"; flow:established,from_client; content:"GET"; http_method; content:"/tool/extreme%20injector%20v3.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"124.220.235.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106840/; classtype:trojan-activity;sid:83969940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106560)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120646if_/http:/154.216.19.139/bins/mirai.armv4l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106560/; classtype:trojan-activity;sid:83969660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106559)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122936if_/http:/154.216.19.139/bins/mirai.gnueabihf"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106559/; classtype:trojan-activity;sid:83969659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106558)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120223if_/http:/154.216.19.139/bins/mirai.bin"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106558/; classtype:trojan-activity;sid:83969658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106556)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121041if_/http:/154.216.19.139/bins/mirai.armv6l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106556/; classtype:trojan-activity;sid:83969656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106557)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808123114if_/http:/154.216.19.139/bins/mirai.arc"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106557/; classtype:trojan-activity;sid:83969657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106551)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122755if_/http:/154.216.19.139/bins/mirai.x86_64"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106551/; classtype:trojan-activity;sid:83969651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106552)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121121if_/http:/154.216.19.139/bins/mirai.armv7l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106552/; classtype:trojan-activity;sid:83969652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106553)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120945if_/http:/154.216.19.139/bins/mirai.armv5l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106553/; classtype:trojan-activity;sid:83969653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106554)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122159if_/http:/154.216.19.139/bins/mirai.powerpc"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106554/; classtype:trojan-activity;sid:83969654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106555)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121832if_/http:/154.216.19.139/bins/mirai.mipsel"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106555/; classtype:trojan-activity;sid:83969655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106396)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/msedge.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106396/; classtype:trojan-activity;sid:83969496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105147)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/test_move.bat"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105147/; classtype:trojan-activity;sid:83968247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105148)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/test_virus.bat"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105148/; classtype:trojan-activity;sid:83968248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105149)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/keylogger.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105149/; classtype:trojan-activity;sid:83968249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105150)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/networks_profile.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105150/; classtype:trojan-activity;sid:83968250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105145)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/backdoor.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105145/; classtype:trojan-activity;sid:83968245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105146)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/fill_storage_move.bat"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105146/; classtype:trojan-activity;sid:83968246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105144)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/fill_storage_virus.bat"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105144/; classtype:trojan-activity;sid:83968244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103617)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/out_test_sig.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103617/; classtype:trojan-activity;sid:83966717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103488)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103488/; classtype:trojan-activity;sid:83966588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103489)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103489/; classtype:trojan-activity;sid:83966589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103487)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.8.215.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103487/; classtype:trojan-activity;sid:83966587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103482)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.255.218.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103482/; classtype:trojan-activity;sid:83966582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103476)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103476/; classtype:trojan-activity;sid:83966576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103477)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.115.56.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103477/; classtype:trojan-activity;sid:83966577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103467)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.241.17.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103467/; classtype:trojan-activity;sid:83966567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103463)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.10.240.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103463/; classtype:trojan-activity;sid:83966563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103464)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.230.143.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103464/; classtype:trojan-activity;sid:83966564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103368)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.92.101.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103368/; classtype:trojan-activity;sid:83966468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103197)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cookie250.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103197/; classtype:trojan-activity;sid:83966297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3102194)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/nano.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3102194/; classtype:trojan-activity;sid:83965294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3102108)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/1111.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3102108/; classtype:trojan-activity;sid:83965208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101697)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/identifications.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101697/; classtype:trojan-activity;sid:83964797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101696)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pimer_bbbcontents7.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101696/; classtype:trojan-activity;sid:83964796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101658)"; flow:established,from_client; content:"GET"; http_method; content:"/documents.elf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101658/; classtype:trojan-activity;sid:83964758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101655)"; flow:established,from_client; content:"GET"; http_method; content:"/documents.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101655/; classtype:trojan-activity;sid:83964755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101646)"; flow:established,from_client; content:"GET"; http_method; content:"/organiser.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101646/; classtype:trojan-activity;sid:83964746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101647)"; flow:established,from_client; content:"GET"; http_method; content:"/mimikatz_trunk.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101647/; classtype:trojan-activity;sid:83964747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101638)"; flow:established,from_client; content:"GET"; http_method; content:"/extension.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101638/; classtype:trojan-activity;sid:83964738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101202)"; flow:established,from_client; content:"GET"; http_method; content:"/installkitnew90/setupnew3/raw/5b5d1a339e750dfcc24fd8a7805629dd300db45b/g2m.dll"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101202/; classtype:trojan-activity;sid:83964302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101203)"; flow:established,from_client; content:"GET"; http_method; content:"/installkitnew90/setupnew3/raw/f6a9d2071e5b6947d79a7e0bba8e57326fcd76e9/aperturelab.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101203/; classtype:trojan-activity;sid:83964303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101191)"; flow:established,from_client; content:"GET"; http_method; content:"/installkitnew90/setup1055/raw/main/installerpack_20.1.23770_win64.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101191/; classtype:trojan-activity;sid:83964291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101087)"; flow:established,from_client; content:"GET"; http_method; content:"/installkitnew90/setupnew3/releases/download/setupnew/install.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101087/; classtype:trojan-activity;sid:83964187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100622)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/request.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3100622/; classtype:trojan-activity;sid:83963722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100103)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthclient.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100103/; classtype:trojan-activity;sid:83963203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100102)"; flow:established,from_client; content:"GET"; http_method; content:"/ggws.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100102/; classtype:trojan-activity;sid:83963202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100100)"; flow:established,from_client; content:"GET"; http_method; content:"/ggwsupdate.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100100/; classtype:trojan-activity;sid:83963200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100042)"; flow:established,from_client; content:"GET"; http_method; content:"/joelgmsec/invoke-stealth/main/resources/betterxencrypt/betterxencrypt.ps1"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100042/; classtype:trojan-activity;sid:83963142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099961)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122448if_/http:/154.216.19.139/bins/mirai.sh4"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099961/; classtype:trojan-activity;sid:83963061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099962)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121230if_/http:/154.216.19.139/bins/mirai.i586"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099962/; classtype:trojan-activity;sid:83963062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099963)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122636if_/http:/154.216.19.139/bins/mirai.sparc"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099963/; classtype:trojan-activity;sid:83963063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099965)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121347if_/http:/154.216.19.139/bins/mirai.m68k"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099965/; classtype:trojan-activity;sid:83963065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099966)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121419if_/http:/154.216.19.139/bins/mirai.mips"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099966/; classtype:trojan-activity;sid:83963066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099960)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121308if_/http:/154.216.19.139/bins/mirai.i686"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099960/; classtype:trojan-activity;sid:83963060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099818)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/authenticator222.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099818/; classtype:trojan-activity;sid:83962918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099812)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/annesalt.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099812/; classtype:trojan-activity;sid:83962912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099813)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/considerablewinners.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099813/; classtype:trojan-activity;sid:83962913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099814)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/uhigdbf.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099814/; classtype:trojan-activity;sid:83962914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099815)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/redsystem.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099815/; classtype:trojan-activity;sid:83962915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099816)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/yoyf.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099816/; classtype:trojan-activity;sid:83962916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099810)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vhpcde.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099810/; classtype:trojan-activity;sid:83962910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099811)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cudo.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099811/; classtype:trojan-activity;sid:83962911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099808)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/300.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099808/; classtype:trojan-activity;sid:83962908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099809)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/343dsxs.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099809/; classtype:trojan-activity;sid:83962909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099807)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/amadey.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099807/; classtype:trojan-activity;sid:83962907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099776)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/team.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099776/; classtype:trojan-activity;sid:83962876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099772)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/consoleapp3.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099772/; classtype:trojan-activity;sid:83962872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099774)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/client.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099774/; classtype:trojan-activity;sid:83962874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099762)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/opdxdyeul.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099762/; classtype:trojan-activity;sid:83962862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099760)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/06082025.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099760/; classtype:trojan-activity;sid:83962860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097654)"; flow:established,from_client; content:"GET"; http_method; content:"/r2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.180.196.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097654/; classtype:trojan-activity;sid:83960754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097429)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/operation6572.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097429/; classtype:trojan-activity;sid:83960529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097297)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/armadegon.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097297/; classtype:trojan-activity;sid:83960397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097244)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120223if_/http://154.216.19.139/bins/mirai.bin"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097244/; classtype:trojan-activity;sid:83960344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097239)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122755if_/http://154.216.19.139/bins/mirai.x86_64"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097239/; classtype:trojan-activity;sid:83960339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097240)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121041if_/http://154.216.19.139/bins/mirai.armv6l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097240/; classtype:trojan-activity;sid:83960340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097241)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121230if_/http://154.216.19.139/bins/mirai.i586"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097241/; classtype:trojan-activity;sid:83960341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097242)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122636if_/http://154.216.19.139/bins/mirai.sparc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097242/; classtype:trojan-activity;sid:83960342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097243)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121308if_/http://154.216.19.139/bins/mirai.i686"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097243/; classtype:trojan-activity;sid:83960343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097229)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122159if_/http://154.216.19.139/bins/mirai.powerpc"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097229/; classtype:trojan-activity;sid:83960329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097230)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121347if_/http://154.216.19.139/bins/mirai.m68k"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097230/; classtype:trojan-activity;sid:83960330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097231)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121121if_/http://154.216.19.139/bins/mirai.armv7l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097231/; classtype:trojan-activity;sid:83960331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097232)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808123114if_/http://154.216.19.139/bins/mirai.arc"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097232/; classtype:trojan-activity;sid:83960332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097233)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122448if_/http://154.216.19.139/bins/mirai.sh4"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097233/; classtype:trojan-activity;sid:83960333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097234)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121832if_/http://154.216.19.139/bins/mirai.mipsel"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097234/; classtype:trojan-activity;sid:83960334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097235)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120945if_/http://154.216.19.139/bins/mirai.armv5l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097235/; classtype:trojan-activity;sid:83960335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097236)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120646if_/http://154.216.19.139/bins/mirai.armv4l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097236/; classtype:trojan-activity;sid:83960336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097237)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122936if_/http://154.216.19.139/bins/mirai.gnueabihf"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097237/; classtype:trojan-activity;sid:83960337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097238)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121419if_/http://154.216.19.139/bins/mirai.mips"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097238/; classtype:trojan-activity;sid:83960338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097110)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rage.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097110/; classtype:trojan-activity;sid:83960210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096571)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/1.jpg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"inspirepk.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096571/; classtype:trojan-activity;sid:83959671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096545)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/30072024.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096545/; classtype:trojan-activity;sid:83959645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096542)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kitty.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096542/; classtype:trojan-activity;sid:83959642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096543)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_default.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096543/; classtype:trojan-activity;sid:83959643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096544)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gold.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096544/; classtype:trojan-activity;sid:83959644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096428)"; flow:established,from_client; content:"GET"; http_method; content:"/d/filecontains.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096428/; classtype:trojan-activity;sid:83959528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096417)"; flow:established,from_client; content:"GET"; http_method; content:"/d/filecontains.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096417/; classtype:trojan-activity;sid:83959517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096404)"; flow:established,from_client; content:"GET"; http_method; content:"/d/filecontains.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096404/; classtype:trojan-activity;sid:83959504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096385)"; flow:established,from_client; content:"GET"; http_method; content:"/d/filecontains.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096385/; classtype:trojan-activity;sid:83959485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095177)"; flow:established,from_client; content:"GET"; http_method; content:"/blink"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"152.168.125.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095177/; classtype:trojan-activity;sid:83958277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3094790)"; flow:established,from_client; content:"GET"; http_method; content:"/latest.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"37.9.35.70"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3094790/; classtype:trojan-activity;sid:83957890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3094781)"; flow:established,from_client; content:"GET"; http_method; content:"/logon.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.15.9.44"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3094781/; classtype:trojan-activity;sid:83957881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093388)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093388/; classtype:trojan-activity;sid:83956488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093191)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.243.175.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093191/; classtype:trojan-activity;sid:83956291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093077)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.2.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093077/; classtype:trojan-activity;sid:83956177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093012)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.200.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093012/; classtype:trojan-activity;sid:83956112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092930)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.60.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092930/; classtype:trojan-activity;sid:83956030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092877)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"85.175.101.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092877/; classtype:trojan-activity;sid:83955977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092881)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.16.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092881/; classtype:trojan-activity;sid:83955981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3090349)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_08_05; reference:url, urlhaus.abuse.ch/url/3090349/; classtype:trojan-activity;sid:83953449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3089687)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/clsid.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_05; reference:url, urlhaus.abuse.ch/url/3089687/; classtype:trojan-activity;sid:83952787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3089612)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3544436.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_05; reference:url, urlhaus.abuse.ch/url/3089612/; classtype:trojan-activity;sid:83952712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088913)"; flow:established,from_client; content:"GET"; http_method; content:"/%5bwww.ghxi.com%5d%e7%93%9c%e5%ad%90%e5%bd%b1%e8%a7%86v2_v1.9.1.1.apk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"47.109.77.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088913/; classtype:trojan-activity;sid:83952013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088911)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%88%91%e7%9a%84%e7%94%b5%e8%a7%86tv-v2.1.8-%e5%85%8d%e8%b4%b9%e7%ba%af%e5%87%80%e7%89%88.apk"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"47.109.77.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088911/; classtype:trojan-activity;sid:83952011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088858)"; flow:established,from_client; content:"GET"; http_method; content:"/1722087714.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.116.192.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088858/; classtype:trojan-activity;sid:83951958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088857)"; flow:established,from_client; content:"GET"; http_method; content:"/r"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.116.192.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088857/; classtype:trojan-activity;sid:83951957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088362)"; flow:established,from_client; content:"GET"; http_method; content:"/utility.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088362/; classtype:trojan-activity;sid:83951462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088292)"; flow:established,from_client; content:"GET"; http_method; content:"/launcher.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088292/; classtype:trojan-activity;sid:83951392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3087715)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cbmefxrmnv.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3087715/; classtype:trojan-activity;sid:83950815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3087662)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/systems.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3087662/; classtype:trojan-activity;sid:83950762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3087649)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3087649/; classtype:trojan-activity;sid:83950749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086916)"; flow:established,from_client; content:"GET"; http_method; content:"/fucksupershell"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"park.chuitian.cn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086916/; classtype:trojan-activity;sid:83950016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086915)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/rssh"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"park.chuitian.cn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086915/; classtype:trojan-activity;sid:83950015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086914)"; flow:established,from_client; content:"GET"; http_method; content:"/fucksupershell"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"rd.chuitian.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086914/; classtype:trojan-activity;sid:83950014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086911)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/n"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"ciscocdn.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086911/; classtype:trojan-activity;sid:83950011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086908)"; flow:established,from_client; content:"GET"; http_method; content:"/rssh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"rd.chuitian.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086908/; classtype:trojan-activity;sid:83950008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086907)"; flow:established,from_client; content:"GET"; http_method; content:"/rssh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"park.chuitian.cn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086907/; classtype:trojan-activity;sid:83950007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086906)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/rssh"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"rd.chuitian.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086906/; classtype:trojan-activity;sid:83950006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086899)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/x64"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"ciscocdn.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086899/; classtype:trojan-activity;sid:83949999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086854)"; flow:established,from_client; content:"GET"; http_method; content:"/d2/cdclient.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"dld.jxwan.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086854/; classtype:trojan-activity;sid:83949954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086850)"; flow:established,from_client; content:"GET"; http_method; content:"/flowers/flowers1//three-daisies.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086850/; classtype:trojan-activity;sid:83949950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086851)"; flow:established,from_client; content:"GET"; http_method; content:"/flowers/flowers1//yellow-rose.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086851/; classtype:trojan-activity;sid:83949951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086849)"; flow:established,from_client; content:"GET"; http_method; content:"/flowers/flowers1//smell-the-roses.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086849/; classtype:trojan-activity;sid:83949949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086848)"; flow:established,from_client; content:"GET"; http_method; content:"/down/tb/tb.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tengfeidn.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086848/; classtype:trojan-activity;sid:83949948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086847)"; flow:established,from_client; content:"GET"; http_method; content:"/down/jf/jf.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tengfeidn.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086847/; classtype:trojan-activity;sid:83949947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086846)"; flow:established,from_client; content:"GET"; http_method; content:"/greetings//greetings1/wow.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086846/; classtype:trojan-activity;sid:83949946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086844)"; flow:established,from_client; content:"GET"; http_method; content:"/greetings//greetings1/whats-new.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086844/; classtype:trojan-activity;sid:83949944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086843)"; flow:established,from_client; content:"GET"; http_method; content:"/greetings//greetings1/hiya.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086843/; classtype:trojan-activity;sid:83949943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086829)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1//jet.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086829/; classtype:trojan-activity;sid:83949929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086830)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1//sunset1.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086830/; classtype:trojan-activity;sid:83949930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086831)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1/china.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086831/; classtype:trojan-activity;sid:83949931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086832)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1//foggy-mountains.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086832/; classtype:trojan-activity;sid:83949932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086833)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1//mountain-pasture.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086833/; classtype:trojan-activity;sid:83949933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086828)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1//china.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086828/; classtype:trojan-activity;sid:83949928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086419)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/%e6%a4%8d%e7%89%a9%e5%a4%a7%e6%88%98%e5%83%b5%e5%b0%b82%e4%bf%ae%e6%94%b9%e5%99%a8.exe"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086419/; classtype:trojan-activity;sid:83949519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086416)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/x64"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"43.134.118.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086416/; classtype:trojan-activity;sid:83949516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086415)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/%e6%88%91%e7%9a%84%e4%b8%96%e7%95%8c_%e5%ad%a4%e5%b2%9b%e6%83%8a%e9%ad%823.exe"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086415/; classtype:trojan-activity;sid:83949515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086407)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/2.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086407/; classtype:trojan-activity;sid:83949507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086408)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/%e5%b0%8f%e9%b8%a1%e5%85%a5%e4%be%b5%e8%80%853.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086408/; classtype:trojan-activity;sid:83949508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086404)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/%d1%83%d1%81%d0%b5%d1%80%d0%bb%d0%be%d0%bd%d0%b32.exe"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086404/; classtype:trojan-activity;sid:83949504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086405)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/%e7%8b%99%e5%87%bb%e6%89%8b_%e5%b9%bd%e7%81%b5%e6%88%98%e5%a3%ab2%e7%ae%80%e4%bd%93%e4%b8%ad%e6%96%87%e7%89%88.exe"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086405/; classtype:trojan-activity;sid:83949505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086403)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/3=====.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086403/; classtype:trojan-activity;sid:83949503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086395)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/3.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086395/; classtype:trojan-activity;sid:83949495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086390)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/%5bwin"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"8.218.138.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086390/; classtype:trojan-activity;sid:83949490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083844)"; flow:established,from_client; content:"GET"; http_method; content:"/store_app/guardservice.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sgz-1302338321.cos.ap-guangzhou.myqcloud.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_08_02; reference:url, urlhaus.abuse.ch/url/3083844/; classtype:trojan-activity;sid:83946944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083792)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/23c2343.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_02; reference:url, urlhaus.abuse.ch/url/3083792/; classtype:trojan-activity;sid:83946892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083790)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build_2024-07-24_23-16.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_02; reference:url, urlhaus.abuse.ch/url/3083790/; classtype:trojan-activity;sid:83946890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083248)"; flow:established,from_client; content:"GET"; http_method; content:"/view.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sister-1324943887.cos.ap-guangzhou.myqcloud.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3083248/; classtype:trojan-activity;sid:83946348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083247)"; flow:established,from_client; content:"GET"; http_method; content:"/installer.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sister-1324943887.cos.ap-guangzhou.myqcloud.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3083247/; classtype:trojan-activity;sid:83946347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081942)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/jsawdtyjde.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3081942/; classtype:trojan-activity;sid:83945042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081941)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mynewrdx.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3081941/; classtype:trojan-activity;sid:83945041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081930)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/4434.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3081930/; classtype:trojan-activity;sid:83945030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081274)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummac2.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_31; reference:url, urlhaus.abuse.ch/url/3081274/; classtype:trojan-activity;sid:83944374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081269)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/1.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_31; reference:url, urlhaus.abuse.ch/url/3081269/; classtype:trojan-activity;sid:83944369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3079797)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.147.132.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3079797/; classtype:trojan-activity;sid:83942897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3079460)"; flow:established,from_client; content:"GET"; http_method; content:"/webdav"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3079460/; classtype:trojan-activity;sid:83942560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3079150)"; flow:established,from_client; content:"GET"; http_method; content:"/steam/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3079150/; classtype:trojan-activity;sid:83942250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3078753)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/postbox.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3078753/; classtype:trojan-activity;sid:83941853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3078669)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_valenciga.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3078669/; classtype:trojan-activity;sid:83941769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3075283)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/authenticator.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_28; reference:url, urlhaus.abuse.ch/url/3075283/; classtype:trojan-activity;sid:83938383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3075152)"; flow:established,from_client; content:"GET"; http_method; content:"/malware.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"dz0nhlj1q8ac3.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_28; reference:url, urlhaus.abuse.ch/url/3075152/; classtype:trojan-activity;sid:83938252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3075047)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/anticheat.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_28; reference:url, urlhaus.abuse.ch/url/3075047/; classtype:trojan-activity;sid:83938147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3075049)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build_2024-07-27_00-41.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_28; reference:url, urlhaus.abuse.ch/url/3075049/; classtype:trojan-activity;sid:83938149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3074802)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svhostc.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_28; reference:url, urlhaus.abuse.ch/url/3074802/; classtype:trojan-activity;sid:83937902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3074142)"; flow:established,from_client; content:"GET"; http_method; content:"/chromedump.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"158.140.133.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3074142/; classtype:trojan-activity;sid:83937242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072990)"; flow:established,from_client; content:"GET"; http_method; content:"/komasinfo/idcb/main/cbs_applcation_details_072602024_xlsx.rar"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072990/; classtype:trojan-activity;sid:83936090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072974)"; flow:established,from_client; content:"GET"; http_method; content:"/adrinnno/ptwis/raw/main/file_cbs_app_details_no-0923871691_xlsx.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072974/; classtype:trojan-activity;sid:83936074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072975)"; flow:established,from_client; content:"GET"; http_method; content:"/reporgu/fakado/raw/main/transaction_file_9812009_end_ids_yesbr5_pdf.rar"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072975/; classtype:trojan-activity;sid:83936075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072978)"; flow:established,from_client; content:"GET"; http_method; content:"/komasinfo/idcb/raw/main/cbs_applcation_details_072602024_xlsx.rar"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072978/; classtype:trojan-activity;sid:83936078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072969)"; flow:established,from_client; content:"GET"; http_method; content:"/deannwas/policah/main/file_cbs_app_details_no-0923871691_xlsx.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072969/; classtype:trojan-activity;sid:83936069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072970)"; flow:established,from_client; content:"GET"; http_method; content:"/trevsglass/morna/main/ref_ba0929399122_pdf.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072970/; classtype:trojan-activity;sid:83936070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072971)"; flow:established,from_client; content:"GET"; http_method; content:"/trevsglass/morna/raw/main/ref_ba0929399122_pdf.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072971/; classtype:trojan-activity;sid:83936071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072972)"; flow:established,from_client; content:"GET"; http_method; content:"/reporgu/fakado/main/transaction_file_9812009_end_ids_yesbr5_pdf.rar"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072972/; classtype:trojan-activity;sid:83936072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072973)"; flow:established,from_client; content:"GET"; http_method; content:"/grayinv/henidus/raw/main/transaction_end_ids_58788719853478_pdf.rar"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072973/; classtype:trojan-activity;sid:83936073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072521)"; flow:established,from_client; content:"GET"; http_method; content:"/mine/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072521/; classtype:trojan-activity;sid:83935621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071940)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071940/; classtype:trojan-activity;sid:83935040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071939)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pharmaciesdetection.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071939/; classtype:trojan-activity;sid:83935039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071844)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/influencednervous.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071844/; classtype:trojan-activity;sid:83934944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071843)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/buildred.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071843/; classtype:trojan-activity;sid:83934943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069729)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069729/; classtype:trojan-activity;sid:83932829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069717)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069717/; classtype:trojan-activity;sid:83932817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069617)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069617/; classtype:trojan-activity;sid:83932717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069510)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069510/; classtype:trojan-activity;sid:83932610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069502)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069502/; classtype:trojan-activity;sid:83932602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069438)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069438/; classtype:trojan-activity;sid:83932538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069343)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069343/; classtype:trojan-activity;sid:83932443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069334)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069334/; classtype:trojan-activity;sid:83932434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069309)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069309/; classtype:trojan-activity;sid:83932409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069282)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069282/; classtype:trojan-activity;sid:83932382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069242)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069242/; classtype:trojan-activity;sid:83932342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069239)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069239/; classtype:trojan-activity;sid:83932339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069103)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069103/; classtype:trojan-activity;sid:83932203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069082)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069082/; classtype:trojan-activity;sid:83932182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069085)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069085/; classtype:trojan-activity;sid:83932185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068965)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068965/; classtype:trojan-activity;sid:83932065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068918)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068918/; classtype:trojan-activity;sid:83932018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068844)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068844/; classtype:trojan-activity;sid:83931944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068803)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068803/; classtype:trojan-activity;sid:83931903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068792)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068792/; classtype:trojan-activity;sid:83931892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068784)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068784/; classtype:trojan-activity;sid:83931884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068788)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068788/; classtype:trojan-activity;sid:83931888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068780)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068780/; classtype:trojan-activity;sid:83931880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068750)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068750/; classtype:trojan-activity;sid:83931850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068734)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068734/; classtype:trojan-activity;sid:83931834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068739)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068739/; classtype:trojan-activity;sid:83931839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068710)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068710/; classtype:trojan-activity;sid:83931810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068699)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068699/; classtype:trojan-activity;sid:83931799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068694)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068694/; classtype:trojan-activity;sid:83931794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068680)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068680/; classtype:trojan-activity;sid:83931780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068664)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068664/; classtype:trojan-activity;sid:83931764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068656)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068656/; classtype:trojan-activity;sid:83931756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068643)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068643/; classtype:trojan-activity;sid:83931743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068599)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068599/; classtype:trojan-activity;sid:83931699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068595)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068595/; classtype:trojan-activity;sid:83931695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068593)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068593/; classtype:trojan-activity;sid:83931693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068579)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068579/; classtype:trojan-activity;sid:83931679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068584)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068584/; classtype:trojan-activity;sid:83931684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068572)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068572/; classtype:trojan-activity;sid:83931672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068561)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068561/; classtype:trojan-activity;sid:83931661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068564)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068564/; classtype:trojan-activity;sid:83931664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068569)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068569/; classtype:trojan-activity;sid:83931669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068548)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068548/; classtype:trojan-activity;sid:83931648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068550)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068550/; classtype:trojan-activity;sid:83931650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068538)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068538/; classtype:trojan-activity;sid:83931638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068539)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068539/; classtype:trojan-activity;sid:83931639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068540)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068540/; classtype:trojan-activity;sid:83931640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068542)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068542/; classtype:trojan-activity;sid:83931642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068546)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068546/; classtype:trojan-activity;sid:83931646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068547)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068547/; classtype:trojan-activity;sid:83931647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068534)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068534/; classtype:trojan-activity;sid:83931634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068535)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068535/; classtype:trojan-activity;sid:83931635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068351)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dccrypt.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068351/; classtype:trojan-activity;sid:83931451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068352)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/decryptjohn.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068352/; classtype:trojan-activity;sid:83931452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068353)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/server.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068353/; classtype:trojan-activity;sid:83931453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068350)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build_2024-07-25_20-56.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068350/; classtype:trojan-activity;sid:83931450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067426)"; flow:established,from_client; content:"GET"; http_method; content:"/well/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067426/; classtype:trojan-activity;sid:83930526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067427)"; flow:established,from_client; content:"GET"; http_method; content:"/soka/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067427/; classtype:trojan-activity;sid:83930527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067318)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2020.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067318/; classtype:trojan-activity;sid:83930418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067316)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gawdth.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067316/; classtype:trojan-activity;sid:83930416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067315)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/4ck3rr.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067315/; classtype:trojan-activity;sid:83930415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067314)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pered.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067314/; classtype:trojan-activity;sid:83930414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067313)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/25072023.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067313/; classtype:trojan-activity;sid:83930413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067312)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svhosts.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067312/; classtype:trojan-activity;sid:83930412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067310)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5447jsx.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067310/; classtype:trojan-activity;sid:83930410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067309)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067309/; classtype:trojan-activity;sid:83930409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067307)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypteda.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067307/; classtype:trojan-activity;sid:83930407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067308)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067308/; classtype:trojan-activity;sid:83930408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052814)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"106.15.239.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052814/; classtype:trojan-activity;sid:83915914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052707)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052707/; classtype:trojan-activity;sid:83915807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052706)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"220.248.47.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052706/; classtype:trojan-activity;sid:83915806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/mimikatz.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052415/; classtype:trojan-activity;sid:83915515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimispool.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052412/; classtype:trojan-activity;sid:83915512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimilib.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052413/; classtype:trojan-activity;sid:83915513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimidrv.sys"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052414/; classtype:trojan-activity;sid:83915514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimidrv.sys"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052395/; classtype:trojan-activity;sid:83915495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimikatz.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052400/; classtype:trojan-activity;sid:83915500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimispool.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052392/; classtype:trojan-activity;sid:83915492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilove.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052393/; classtype:trojan-activity;sid:83915493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilib.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052394/; classtype:trojan-activity;sid:83915494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045201)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045201/; classtype:trojan-activity;sid:83908301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045203)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045203/; classtype:trojan-activity;sid:83908303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045192)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045192/; classtype:trojan-activity;sid:83908292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045176)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045176/; classtype:trojan-activity;sid:83908276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045166)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045166/; classtype:trojan-activity;sid:83908266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045169)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045169/; classtype:trojan-activity;sid:83908269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045165)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045165/; classtype:trojan-activity;sid:83908265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045145)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045145/; classtype:trojan-activity;sid:83908245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968688)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader1.1.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968688/; classtype:trojan-activity;sid:83831788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968679)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/12.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968679/; classtype:trojan-activity;sid:83831779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968678)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/22.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968678/; classtype:trojan-activity;sid:83831778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952278)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/rz.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952278/; classtype:trojan-activity;sid:83815378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952271)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/ny1.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952271/; classtype:trojan-activity;sid:83815371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952272)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/async.txt"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952272/; classtype:trojan-activity;sid:83815372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952273)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/wx1.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952273/; classtype:trojan-activity;sid:83815373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952274)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/rup.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952274/; classtype:trojan-activity;sid:83815374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952275)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rr2.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952275/; classtype:trojan-activity;sid:83815375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952276)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/r.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952276/; classtype:trojan-activity;sid:83815376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952277)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rmup.txt"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952277/; classtype:trojan-activity;sid:83815377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952266)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/nj.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952266/; classtype:trojan-activity;sid:83815366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952267)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/nj.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952267/; classtype:trojan-activity;sid:83815367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952268)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nc.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952268/; classtype:trojan-activity;sid:83815368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952269)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/ny0.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952269/; classtype:trojan-activity;sid:83815369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952263)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/r1.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952263/; classtype:trojan-activity;sid:83815363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952264)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/nx.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952264/; classtype:trojan-activity;sid:83815364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952265)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/ps1.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952265/; classtype:trojan-activity;sid:83815365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952259)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/p.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952259/; classtype:trojan-activity;sid:83815359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952260)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/n3.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952260/; classtype:trojan-activity;sid:83815360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952261)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/n3.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952261/; classtype:trojan-activity;sid:83815361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952262)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/p.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952262/; classtype:trojan-activity;sid:83815362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952253)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/ps1.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952253/; classtype:trojan-activity;sid:83815353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952257)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/r.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952257/; classtype:trojan-activity;sid:83815357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952244)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rr2.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952244/; classtype:trojan-activity;sid:83815344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952247)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/async.txt"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952247/; classtype:trojan-activity;sid:83815347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952248)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/dcr.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952248/; classtype:trojan-activity;sid:83815348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952249)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/ny1.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952249/; classtype:trojan-activity;sid:83815349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952251)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rm.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952251/; classtype:trojan-activity;sid:83815351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952239)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/nx.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952239/; classtype:trojan-activity;sid:83815339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952240)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/zx2.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952240/; classtype:trojan-activity;sid:83815340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952241)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/q2.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952241/; classtype:trojan-activity;sid:83815341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952242)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/r1.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952242/; classtype:trojan-activity;sid:83815342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952234)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/ny0.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952234/; classtype:trojan-activity;sid:83815334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952237)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/q2.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952237/; classtype:trojan-activity;sid:83815337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952231)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rm.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952231/; classtype:trojan-activity;sid:83815331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952232)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rmup.txt"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952232/; classtype:trojan-activity;sid:83815332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952233)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/pr.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952233/; classtype:trojan-activity;sid:83815333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952226)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/asx.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952226/; classtype:trojan-activity;sid:83815326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952228)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/rup.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952228/; classtype:trojan-activity;sid:83815328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952229)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nc.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952229/; classtype:trojan-activity;sid:83815329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952230)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/rz.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952230/; classtype:trojan-activity;sid:83815330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952224)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/q7.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952224/; classtype:trojan-activity;sid:83815324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952225)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/asx.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952225/; classtype:trojan-activity;sid:83815325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952220)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/zqwer/pef3dir.txt"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952220/; classtype:trojan-activity;sid:83815320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952221)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/q1.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952221/; classtype:trojan-activity;sid:83815321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952222)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rmz.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952222/; classtype:trojan-activity;sid:83815322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952218)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/q7.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952218/; classtype:trojan-activity;sid:83815318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952219)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/t3.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952219/; classtype:trojan-activity;sid:83815319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952215)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/wx1.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952215/; classtype:trojan-activity;sid:83815315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952216)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/t3.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952216/; classtype:trojan-activity;sid:83815316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952217)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rmz.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952217/; classtype:trojan-activity;sid:83815317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952212)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/njz.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952212/; classtype:trojan-activity;sid:83815312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952213)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/q1.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952213/; classtype:trojan-activity;sid:83815313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952214)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/dcr.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952214/; classtype:trojan-activity;sid:83815314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952211)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/pr.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952211/; classtype:trojan-activity;sid:83815311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952209)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/zqwer/dllxf3.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952209/; classtype:trojan-activity;sid:83815309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952204)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/zx2.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952204/; classtype:trojan-activity;sid:83815304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952205)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/njx.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952205/; classtype:trojan-activity;sid:83815305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952206)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/njz.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952206/; classtype:trojan-activity;sid:83815306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952208)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/njx.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952208/; classtype:trojan-activity;sid:83815308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949407)"; flow:established,from_client; content:"GET"; http_method; content:"/tan.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www999999safagqwhg-1327129302.cos.ap-chengdu.myqcloud.com"; http_host; depth:57; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949407/; classtype:trojan-activity;sid:83812507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949406)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.210.27.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949406/; classtype:trojan-activity;sid:83812506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949385)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rsqnkyvcaein5m-gskl8coyuh8w5xrbd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949385/; classtype:trojan-activity;sid:83812485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949176)"; flow:established,from_client; content:"GET"; http_method; content:"/tan.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www999999asgasg-1327129302.cos.ap-chengdu.myqcloud.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949176/; classtype:trojan-activity;sid:83812276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2946132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.247.206.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2946132/; classtype:trojan-activity;sid:83809232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2944285)"; flow:established,from_client; content:"GET"; http_method; content:"/jijilovedada/jijilovedada/main/tools/cc/adaptorovernight.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2944285/; classtype:trojan-activity;sid:83807385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2943953)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/sss.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"39.103.150.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2943953/; classtype:trojan-activity;sid:83807053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2943264)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.183.9.88"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2943264/; classtype:trojan-activity;sid:83806364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942727)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/1.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942727/; classtype:trojan-activity;sid:83805827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942725)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download//1.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942725/; classtype:trojan-activity;sid:83805825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942717)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/1.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942717/; classtype:trojan-activity;sid:83805817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942718)"; flow:established,from_client; content:"GET"; http_method; content:"/fucksupershell"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.88.186.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942718/; classtype:trojan-activity;sid:83805818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942715)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/tool"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"101.35.228.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942715/; classtype:trojan-activity;sid:83805815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942714)"; flow:established,from_client; content:"GET"; http_method; content:"/rssh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"222.88.186.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942714/; classtype:trojan-activity;sid:83805814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942694)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/123.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942694/; classtype:trojan-activity;sid:83805794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942673)"; flow:established,from_client; content:"GET"; http_method; content:"//shell.elf"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.96.128.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942673/; classtype:trojan-activity;sid:83805773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942671)"; flow:established,from_client; content:"GET"; http_method; content:"/gdb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.96.128.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942671/; classtype:trojan-activity;sid:83805771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942567)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/win"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"8.218.138.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942567/; classtype:trojan-activity;sid:83805667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942557)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/tool.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"101.35.228.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942557/; classtype:trojan-activity;sid:83805657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934823)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/000.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934823/; classtype:trojan-activity;sid:83797923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934824)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/trojan.malpack.themida%20(anti%20vm).exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934824/; classtype:trojan-activity;sid:83797924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934818)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/jigsaw.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934818/; classtype:trojan-activity;sid:83797918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934819)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/freeyoutubedownloader.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934819/; classtype:trojan-activity;sid:83797919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934820)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/memz.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934820/; classtype:trojan-activity;sid:83797920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934821)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/noescape.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934821/; classtype:trojan-activity;sid:83797921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934822)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/destover.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934822/; classtype:trojan-activity;sid:83797922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934816)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/meredrop.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934816/; classtype:trojan-activity;sid:83797916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934817)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/redlinestealer.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934817/; classtype:trojan-activity;sid:83797917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934811)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/hive%20ransomware.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934811/; classtype:trojan-activity;sid:83797911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934812)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/wannacry.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934812/; classtype:trojan-activity;sid:83797912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934813)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/nomoreransom.exe"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934813/; classtype:trojan-activity;sid:83797913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934808)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/petya.a.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934808/; classtype:trojan-activity;sid:83797908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934809)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/cryptowall.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934809/; classtype:trojan-activity;sid:83797909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934810)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/infinitycrypt.exe"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934810/; classtype:trojan-activity;sid:83797910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934805)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/coronavirus.exe"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934805/; classtype:trojan-activity;sid:83797905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932525)"; flow:established,from_client; content:"GET"; http_method; content:"/fotonview.apk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932525/; classtype:trojan-activity;sid:83795625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932524)"; flow:established,from_client; content:"GET"; http_method; content:"/evaluation.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932524/; classtype:trojan-activity;sid:83795624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932523)"; flow:established,from_client; content:"GET"; http_method; content:"/cameracomponent.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932523/; classtype:trojan-activity;sid:83795623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932522)"; flow:established,from_client; content:"GET"; http_method; content:"/kuwaitsetuphockey.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932522/; classtype:trojan-activity;sid:83795622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932521)"; flow:established,from_client; content:"GET"; http_method; content:"/officialsevaluationold.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932521/; classtype:trojan-activity;sid:83795621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932520)"; flow:established,from_client; content:"GET"; http_method; content:"/srbijasetuphokej.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932520/; classtype:trojan-activity;sid:83795620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932466)"; flow:established,from_client; content:"GET"; http_method; content:"/64.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.108.60.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932466/; classtype:trojan-activity;sid:83795566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932462)"; flow:established,from_client; content:"GET"; http_method; content:"/hooks.jpg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"hook.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932462/; classtype:trojan-activity;sid:83795562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932461)"; flow:established,from_client; content:"GET"; http_method; content:"/mpmgsvc.jpg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"hook.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932461/; classtype:trojan-activity;sid:83795561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932460)"; flow:established,from_client; content:"GET"; http_method; content:"/445.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"down.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932460/; classtype:trojan-activity;sid:83795560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2922320)"; flow:established,from_client; content:"GET"; http_method; content:"/lazagne.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2922320/; classtype:trojan-activity;sid:83785420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2921858)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.15.254.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2921858/; classtype:trojan-activity;sid:83784958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2917510)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.23.169.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2917510/; classtype:trojan-activity;sid:83780610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916186)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916186/; classtype:trojan-activity;sid:83779286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916093)"; flow:established,from_client; content:"GET"; http_method; content:"/mpmgsvc.jpg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"211.108.60.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916093/; classtype:trojan-activity;sid:83779193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2914055)"; flow:established,from_client; content:"GET"; http_method; content:"/tq.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"down.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_30; reference:url, urlhaus.abuse.ch/url/2914055/; classtype:trojan-activity;sid:83777155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2914056)"; flow:established,from_client; content:"GET"; http_method; content:"/wmi.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"down.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_30; reference:url, urlhaus.abuse.ch/url/2914056/; classtype:trojan-activity;sid:83777156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2912423)"; flow:established,from_client; content:"GET"; http_method; content:"/tq.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssl.ftp21.cc"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_29; reference:url, urlhaus.abuse.ch/url/2912423/; classtype:trojan-activity;sid:83775523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911222)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.3.78.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911222/; classtype:trojan-activity;sid:83774322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911219)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911219/; classtype:trojan-activity;sid:83774319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911217)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911217/; classtype:trojan-activity;sid:83774317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911215)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911215/; classtype:trojan-activity;sid:83774315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911212)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911212/; classtype:trojan-activity;sid:83774312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911194)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.103.203.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911194/; classtype:trojan-activity;sid:83774294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911187)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911187/; classtype:trojan-activity;sid:83774287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911184)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"126.23.203.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911184/; classtype:trojan-activity;sid:83774284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911182)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.143.54.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911182/; classtype:trojan-activity;sid:83774282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911167)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.115.102.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911167/; classtype:trojan-activity;sid:83774267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911166)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.22.139.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911166/; classtype:trojan-activity;sid:83774266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911154)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.255.114.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911154/; classtype:trojan-activity;sid:83774254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911160)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"181.36.153.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911160/; classtype:trojan-activity;sid:83774260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911150)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.215.253.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911150/; classtype:trojan-activity;sid:83774250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911141)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.147.147.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911141/; classtype:trojan-activity;sid:83774241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911140)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.31.159.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911140/; classtype:trojan-activity;sid:83774240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911133)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911133/; classtype:trojan-activity;sid:83774233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911131)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.253.12.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911131/; classtype:trojan-activity;sid:83774231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911129)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cpc138130-hatf10-2-0-cust814.9-3.cable.virginm.net"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911129/; classtype:trojan-activity;sid:83774229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911126)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.186.91.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911126/; classtype:trojan-activity;sid:83774226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911122)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911122/; classtype:trojan-activity;sid:83774222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911123)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.213.59.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911123/; classtype:trojan-activity;sid:83774223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911119)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83-87-76-41.cable.dynamic.v4.ziggo.nl"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911119/; classtype:trojan-activity;sid:83774219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911118)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.87.76.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911118/; classtype:trojan-activity;sid:83774218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911113)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"softbank126023203236.bbtec.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911113/; classtype:trojan-activity;sid:83774213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911109)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"epei77.direct.quickconnect.to"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911109/; classtype:trojan-activity;sid:83774209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911108)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"host-195-103-203-106.business.telecomitalia.it"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911108/; classtype:trojan-activity;sid:83774208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911105)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"host-95-255-114-11.business.telecomitalia.it"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911105/; classtype:trojan-activity;sid:83774205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.81.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910756/; classtype:trojan-activity;sid:83773856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910687)"; flow:established,from_client; content:"GET"; http_method; content:"/config/qnvqkfym.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"b46.oss-cn-hongkong.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910687/; classtype:trojan-activity;sid:83773787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910224)"; flow:established,from_client; content:"GET"; http_method; content:"/payloads/dmshell.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"shell.dimitrimedia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910224/; classtype:trojan-activity;sid:83773324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910223)"; flow:established,from_client; content:"GET"; http_method; content:"/payloads/dmshell.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"172-105-66-118.ip.linodeusercontent.com"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910223/; classtype:trojan-activity;sid:83773323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909370)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.149.71.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909370/; classtype:trojan-activity;sid:83772470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909310)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.118.79.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909310/; classtype:trojan-activity;sid:83772410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909291)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.184.185.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909291/; classtype:trojan-activity;sid:83772391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909290)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.224.107.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909290/; classtype:trojan-activity;sid:83772390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908910)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"170.210.81.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908910/; classtype:trojan-activity;sid:83772010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908913)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.72.167.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908913/; classtype:trojan-activity;sid:83772013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908909)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"12.196.184.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908909/; classtype:trojan-activity;sid:83772009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908899)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"211.192.113.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908899/; classtype:trojan-activity;sid:83771999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908900)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"190.108.63.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908900/; classtype:trojan-activity;sid:83772000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908901)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"211.192.113.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908901/; classtype:trojan-activity;sid:83772001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908902)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.57.39.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908902/; classtype:trojan-activity;sid:83772002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908903)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.142.209.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908903/; classtype:trojan-activity;sid:83772003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908906)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"211.40.16.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908906/; classtype:trojan-activity;sid:83772006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908891)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"200.123.251.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908891/; classtype:trojan-activity;sid:83771991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908894)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"170.210.81.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908894/; classtype:trojan-activity;sid:83771994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908888)"; flow:established,from_client; content:"GET"; http_method; content:"/deccastationers.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908888/; classtype:trojan-activity;sid:83771988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908887)"; flow:established,from_client; content:"GET"; http_method; content:"/deccastationers.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908887/; classtype:trojan-activity;sid:83771987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908012)"; flow:established,from_client; content:"GET"; http_method; content:"/8/items/new_image_20240619_1432/new_image.jpg"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"ia800400.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_06_26; reference:url, urlhaus.abuse.ch/url/2908012/; classtype:trojan-activity;sid:83771112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906475)"; flow:established,from_client; content:"GET"; http_method; content:"/img001.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906475/; classtype:trojan-activity;sid:83769575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905204)"; flow:established,from_client; content:"GET"; http_method; content:"/img001.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905204/; classtype:trojan-activity;sid:83768304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905199)"; flow:established,from_client; content:"GET"; http_method; content:"/install_python3.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.206.151.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905199/; classtype:trojan-activity;sid:83768299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905145)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905145/; classtype:trojan-activity;sid:83768245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905125)"; flow:established,from_client; content:"GET"; http_method; content:"/pornhub_downloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905125/; classtype:trojan-activity;sid:83768225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905115)"; flow:established,from_client; content:"GET"; http_method; content:"/install_python3.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905115/; classtype:trojan-activity;sid:83768215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2901197)"; flow:established,from_client; content:"GET"; http_method; content:"/zwzonepieces/posapsi/master/chatlife.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_22; reference:url, urlhaus.abuse.ch/url/2901197/; classtype:trojan-activity;sid:83764297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2900550)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.118.121.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_21; reference:url, urlhaus.abuse.ch/url/2900550/; classtype:trojan-activity;sid:83763650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2900548)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.156.154.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_21; reference:url, urlhaus.abuse.ch/url/2900548/; classtype:trojan-activity;sid:83763648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899910)"; flow:established,from_client; content:"GET"; http_method; content:"/16/items/new_image_202406/new_image.jpg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"ia803405.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_06_21; reference:url, urlhaus.abuse.ch/url/2899910/; classtype:trojan-activity;sid:83763010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898814)"; flow:established,from_client; content:"GET"; http_method; content:"/fury-os/fury_kms/releases/download/v.1.6.0/furykms_v.1.6.0.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898814/; classtype:trojan-activity;sid:83761914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896954)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896954/; classtype:trojan-activity;sid:83760054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896955)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896955/; classtype:trojan-activity;sid:83760055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896956)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896956/; classtype:trojan-activity;sid:83760056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896950)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896950/; classtype:trojan-activity;sid:83760050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896951)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896951/; classtype:trojan-activity;sid:83760051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896948)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896948/; classtype:trojan-activity;sid:83760048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2894025)"; flow:established,from_client; content:"GET"; http_method; content:"/kailash-jakhar/webpack-v5-tutorial/main/quizpokemon.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_17; reference:url, urlhaus.abuse.ch/url/2894025/; classtype:trojan-activity;sid:83757125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2892223)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.19.13.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2892223/; classtype:trojan-activity;sid:83755323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888479)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.215.245.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888479/; classtype:trojan-activity;sid:83751579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888476)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"59.175.183.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888476/; classtype:trojan-activity;sid:83751576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888474)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.2.65.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888474/; classtype:trojan-activity;sid:83751574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888469)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"222.244.110.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888469/; classtype:trojan-activity;sid:83751569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888463)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"118.178.133.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888463/; classtype:trojan-activity;sid:83751563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888460)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.2.65.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888460/; classtype:trojan-activity;sid:83751560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888459)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"112.27.189.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888459/; classtype:trojan-activity;sid:83751559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888458)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.2.65.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888458/; classtype:trojan-activity;sid:83751558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888456)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.2.65.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888456/; classtype:trojan-activity;sid:83751556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888447)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"115.28.26.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888447/; classtype:trojan-activity;sid:83751547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888445)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.2.65.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888445/; classtype:trojan-activity;sid:83751545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888444)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.67.254.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888444/; classtype:trojan-activity;sid:83751544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888440)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"139.159.155.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888440/; classtype:trojan-activity;sid:83751540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888438)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"139.159.155.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888438/; classtype:trojan-activity;sid:83751538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888430)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.157.17.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888430/; classtype:trojan-activity;sid:83751530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2885860)"; flow:established,from_client; content:"GET"; http_method; content:"/brunovale03/adegaads/main/offeredbuilt.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_13; reference:url, urlhaus.abuse.ch/url/2885860/; classtype:trojan-activity;sid:83748960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2883947)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.156.224.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_11; reference:url, urlhaus.abuse.ch/url/2883947/; classtype:trojan-activity;sid:83747047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2883708)"; flow:established,from_client; content:"GET"; http_method; content:"/sirvivor32/sirvivor/main/lukejazz.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_11; reference:url, urlhaus.abuse.ch/url/2883708/; classtype:trojan-activity;sid:83746808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2882153)"; flow:established,from_client; content:"GET"; http_method; content:"/payloads/dmshell.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"172.105.66.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_10; reference:url, urlhaus.abuse.ch/url/2882153/; classtype:trojan-activity;sid:83745253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2881768)"; flow:established,from_client; content:"GET"; http_method; content:"/cg100/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_06_10; reference:url, urlhaus.abuse.ch/url/2881768/; classtype:trojan-activity;sid:83744868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879955)"; flow:established,from_client; content:"GET"; http_method; content:"/unp%20setup.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.138.125.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879955/; classtype:trojan-activity;sid:83743055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879846)"; flow:established,from_client; content:"GET"; http_method; content:"/cve/cve-2021-4034"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879846/; classtype:trojan-activity;sid:83742946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879845)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/test.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879845/; classtype:trojan-activity;sid:83742945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879655)"; flow:established,from_client; content:"GET"; http_method; content:"/sharphound.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879655/; classtype:trojan-activity;sid:83742755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877890)"; flow:established,from_client; content:"GET"; http_method; content:"/ustaxes/ustaxes/files/15421286/2022and2023taxdocuments.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_07; reference:url, urlhaus.abuse.ch/url/2877890/; classtype:trojan-activity;sid:83740990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877319)"; flow:established,from_client; content:"GET"; http_method; content:"/slade107.psm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_06; reference:url, urlhaus.abuse.ch/url/2877319/; classtype:trojan-activity;sid:83740419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2875723)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/zqwer/dllxf3.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_05; reference:url, urlhaus.abuse.ch/url/2875723/; classtype:trojan-activity;sid:83738823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2875722)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/zqwer/pef3dir.txt"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_05; reference:url, urlhaus.abuse.ch/url/2875722/; classtype:trojan-activity;sid:83738822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874516)"; flow:established,from_client; content:"GET"; http_method; content:"/o.elf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"reusable-flex.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874516/; classtype:trojan-activity;sid:83737616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874107)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=19nonxskhmwbvfxpr2ccmwd9xrhz1ldco"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874107/; classtype:trojan-activity;sid:83737207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874102)"; flow:established,from_client; content:"GET"; http_method; content:"/walesboller.pcx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874102/; classtype:trojan-activity;sid:83737202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2873811)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.118.112.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2873811/; classtype:trojan-activity;sid:83736911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2871410)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12gxtnsqsjokneqetkvk1a99fni-es6ir"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_01; reference:url, urlhaus.abuse.ch/url/2871410/; classtype:trojan-activity;sid:83734510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wsqkirdngjlt8uu2lv9mzciks4my12jh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870235/; classtype:trojan-activity;sid:83733335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870174)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.187.7.29"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870174/; classtype:trojan-activity;sid:83733274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869849)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.91.25.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869849/; classtype:trojan-activity;sid:83732949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869844)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.25.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869844/; classtype:trojan-activity;sid:83732944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869702)"; flow:established,from_client; content:"GET"; http_method; content:"/sheksweet/sheksweet1/main/rambledmime.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869702/; classtype:trojan-activity;sid:83732802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869436)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/rssh"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"222.88.186.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2869436/; classtype:trojan-activity;sid:83732536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868723)"; flow:established,from_client; content:"GET"; http_method; content:"/a.i_1003h.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"221.143.49.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868723/; classtype:trojan-activity;sid:83731823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868722)"; flow:established,from_client; content:"GET"; http_method; content:"/batch.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.99.131.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868722/; classtype:trojan-activity;sid:83731822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868720)"; flow:established,from_client; content:"GET"; http_method; content:"/coreminer-linux-x86_64.tar.gz"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"39.99.131.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868720/; classtype:trojan-activity;sid:83731820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868719)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/start-powershellfordopaddcrontab.psl"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"39.99.131.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868719/; classtype:trojan-activity;sid:83731819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868710)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/start-powershellfordop.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"39.99.131.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868710/; classtype:trojan-activity;sid:83731810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868714)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/start-powershellxlies.txt"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"39.99.131.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868714/; classtype:trojan-activity;sid:83731814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867270)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed45sh/flutter-movie/master/crypted_c360a5b7.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867270/; classtype:trojan-activity;sid:83730370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867236)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed45sh/apple-replica-starter-files/master/apple-replica/zintask.exe"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867236/; classtype:trojan-activity;sid:83730336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865442)"; flow:established,from_client; content:"GET"; http_method; content:"/ggws_upload.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865442/; classtype:trojan-activity;sid:83728542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865272)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthbq.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865272/; classtype:trojan-activity;sid:83728372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865273)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthupload.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865273/; classtype:trojan-activity;sid:83728373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865241)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthupdate.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865241/; classtype:trojan-activity;sid:83728341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864267)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864267/; classtype:trojan-activity;sid:83727367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864266)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.241.74.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864266/; classtype:trojan-activity;sid:83727366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864261)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.42.198.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864261/; classtype:trojan-activity;sid:83727361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864256)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"24.120.175.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864256/; classtype:trojan-activity;sid:83727356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864246)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.139.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864246/; classtype:trojan-activity;sid:83727346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864247)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864247/; classtype:trojan-activity;sid:83727347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864249)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864249/; classtype:trojan-activity;sid:83727349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864252)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.42.198.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864252/; classtype:trojan-activity;sid:83727352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864253)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.191.190.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864253/; classtype:trojan-activity;sid:83727353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864254)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864254/; classtype:trojan-activity;sid:83727354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864255)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.139.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864255/; classtype:trojan-activity;sid:83727355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864244)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.247.206.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864244/; classtype:trojan-activity;sid:83727344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863534)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863534/; classtype:trojan-activity;sid:83726634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863372)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"221.10.233.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863372/; classtype:trojan-activity;sid:83726472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863373)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.88.50.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863373/; classtype:trojan-activity;sid:83726473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863371)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863371/; classtype:trojan-activity;sid:83726471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863363)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863363/; classtype:trojan-activity;sid:83726463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863354)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.88.50.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863354/; classtype:trojan-activity;sid:83726454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863355)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.88.50.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863355/; classtype:trojan-activity;sid:83726455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863341)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863341/; classtype:trojan-activity;sid:83726441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863342)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863342/; classtype:trojan-activity;sid:83726442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863343)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.191.190.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863343/; classtype:trojan-activity;sid:83726443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863345)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863345/; classtype:trojan-activity;sid:83726445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863346)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.43.19.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863346/; classtype:trojan-activity;sid:83726446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863328)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.135.42.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863328/; classtype:trojan-activity;sid:83726428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863333)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.77.57.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863333/; classtype:trojan-activity;sid:83726433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863334)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.49.168.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863334/; classtype:trojan-activity;sid:83726434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863321)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.135.42.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863321/; classtype:trojan-activity;sid:83726421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863322)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.135.42.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863322/; classtype:trojan-activity;sid:83726422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862107)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"125.168.166.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862107/; classtype:trojan-activity;sid:83725207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862050)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/8gikly"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862050/; classtype:trojan-activity;sid:83725150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862051)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/medjl1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862051/; classtype:trojan-activity;sid:83725151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862052)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/dy1f16"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862052/; classtype:trojan-activity;sid:83725152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862053)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/kx3wl4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862053/; classtype:trojan-activity;sid:83725153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862054)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/ppxodm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862054/; classtype:trojan-activity;sid:83725154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862055)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/e7opy8"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862055/; classtype:trojan-activity;sid:83725155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862056)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/7dhid7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862056/; classtype:trojan-activity;sid:83725156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862049)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/tbfvpd"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862049/; classtype:trojan-activity;sid:83725149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862046)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/6f2c5c"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862046/; classtype:trojan-activity;sid:83725146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862047)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/g2js91"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862047/; classtype:trojan-activity;sid:83725147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862044)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/lt00vw"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862044/; classtype:trojan-activity;sid:83725144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862045)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/i7tdbr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862045/; classtype:trojan-activity;sid:83725145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862043)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/3a9xj1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862043/; classtype:trojan-activity;sid:83725143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862042)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/wyg3h5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862042/; classtype:trojan-activity;sid:83725142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862022)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.3.211.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862022/; classtype:trojan-activity;sid:83725122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862020)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.216.105.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862020/; classtype:trojan-activity;sid:83725120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862018)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.62.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862018/; classtype:trojan-activity;sid:83725118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862017)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862017/; classtype:trojan-activity;sid:83725117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862004)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862004/; classtype:trojan-activity;sid:83725104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862007)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862007/; classtype:trojan-activity;sid:83725107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862009)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862009/; classtype:trojan-activity;sid:83725109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862010)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"166.144.131.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862010/; classtype:trojan-activity;sid:83725110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862011)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862011/; classtype:trojan-activity;sid:83725111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862013)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"39.175.56.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862013/; classtype:trojan-activity;sid:83725113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862014)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862014/; classtype:trojan-activity;sid:83725114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861998)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861998/; classtype:trojan-activity;sid:83725098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861987)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861987/; classtype:trojan-activity;sid:83725087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861978)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.165.122.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861978/; classtype:trojan-activity;sid:83725078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861980)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861980/; classtype:trojan-activity;sid:83725080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861982)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861982/; classtype:trojan-activity;sid:83725082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861962)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.125.243.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861962/; classtype:trojan-activity;sid:83725062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861967)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.145.144.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861967/; classtype:trojan-activity;sid:83725067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861969)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"39.175.56.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861969/; classtype:trojan-activity;sid:83725069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861971)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"132.255.192.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861971/; classtype:trojan-activity;sid:83725071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861972)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"39.175.56.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861972/; classtype:trojan-activity;sid:83725072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861956)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.26.194.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861956/; classtype:trojan-activity;sid:83725056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861958)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861958/; classtype:trojan-activity;sid:83725058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861959)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861959/; classtype:trojan-activity;sid:83725059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861951)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861951/; classtype:trojan-activity;sid:83725051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861950)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.47.248.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861950/; classtype:trojan-activity;sid:83725050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861946)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861946/; classtype:trojan-activity;sid:83725046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861948)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861948/; classtype:trojan-activity;sid:83725048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861949)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14stirling.dyndns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861949/; classtype:trojan-activity;sid:83725049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861917)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.199.4.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861917/; classtype:trojan-activity;sid:83725017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861919)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861919/; classtype:trojan-activity;sid:83725019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861923)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861923/; classtype:trojan-activity;sid:83725023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861927)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.82.83.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861927/; classtype:trojan-activity;sid:83725027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861929)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.230.215.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861929/; classtype:trojan-activity;sid:83725029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861930)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.134.214.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861930/; classtype:trojan-activity;sid:83725030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861931)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861931/; classtype:trojan-activity;sid:83725031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861932)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861932/; classtype:trojan-activity;sid:83725032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861935)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861935/; classtype:trojan-activity;sid:83725035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861939)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861939/; classtype:trojan-activity;sid:83725039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861940)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861940/; classtype:trojan-activity;sid:83725040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861941)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861941/; classtype:trojan-activity;sid:83725041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861943)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861943/; classtype:trojan-activity;sid:83725043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861945)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861945/; classtype:trojan-activity;sid:83725045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861914)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861914/; classtype:trojan-activity;sid:83725014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861888)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/dvbcvt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861888/; classtype:trojan-activity;sid:83724988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861887)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/exw2o1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861887/; classtype:trojan-activity;sid:83724987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861841)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861841/; classtype:trojan-activity;sid:83724941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861842)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861842/; classtype:trojan-activity;sid:83724942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861843)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861843/; classtype:trojan-activity;sid:83724943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861844)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861844/; classtype:trojan-activity;sid:83724944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861852)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861852/; classtype:trojan-activity;sid:83724952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861854)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861854/; classtype:trojan-activity;sid:83724954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861836)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861836/; classtype:trojan-activity;sid:83724936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861838)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861838/; classtype:trojan-activity;sid:83724938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861839)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861839/; classtype:trojan-activity;sid:83724939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861834)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.3.248.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861834/; classtype:trojan-activity;sid:83724934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861831)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.176.204.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861831/; classtype:trojan-activity;sid:83724931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861828)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.134.214.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861828/; classtype:trojan-activity;sid:83724928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861826)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861826/; classtype:trojan-activity;sid:83724926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861827)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"68.107.218.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861827/; classtype:trojan-activity;sid:83724927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861824)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861824/; classtype:trojan-activity;sid:83724924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861820)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861820/; classtype:trojan-activity;sid:83724920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861821)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"66.214.27.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861821/; classtype:trojan-activity;sid:83724921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861822)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861822/; classtype:trojan-activity;sid:83724922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861819)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861819/; classtype:trojan-activity;sid:83724919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861817)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"124.19.79.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861817/; classtype:trojan-activity;sid:83724917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861818)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.64.76.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861818/; classtype:trojan-activity;sid:83724918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861814)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861814/; classtype:trojan-activity;sid:83724914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861815)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"204.11.227.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861815/; classtype:trojan-activity;sid:83724915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861810)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1.179.62.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861810/; classtype:trojan-activity;sid:83724910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861812)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861812/; classtype:trojan-activity;sid:83724912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861808)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861808/; classtype:trojan-activity;sid:83724908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861801)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.145.144.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861801/; classtype:trojan-activity;sid:83724901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861802)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861802/; classtype:trojan-activity;sid:83724902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861799)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861799/; classtype:trojan-activity;sid:83724899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861800)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861800/; classtype:trojan-activity;sid:83724900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861798)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"132.255.192.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861798/; classtype:trojan-activity;sid:83724898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861796)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861796/; classtype:trojan-activity;sid:83724896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861794)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861794/; classtype:trojan-activity;sid:83724894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861790)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861790/; classtype:trojan-activity;sid:83724890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861789)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.231.190.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861789/; classtype:trojan-activity;sid:83724889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861785)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861785/; classtype:trojan-activity;sid:83724885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861786)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861786/; classtype:trojan-activity;sid:83724886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861781)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861781/; classtype:trojan-activity;sid:83724881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861776)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861776/; classtype:trojan-activity;sid:83724876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861778)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861778/; classtype:trojan-activity;sid:83724878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861769)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.165.122.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861769/; classtype:trojan-activity;sid:83724869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861770)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861770/; classtype:trojan-activity;sid:83724870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861773)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861773/; classtype:trojan-activity;sid:83724873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861758)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861758/; classtype:trojan-activity;sid:83724858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861761)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861761/; classtype:trojan-activity;sid:83724861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861763)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861763/; classtype:trojan-activity;sid:83724863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861754)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861754/; classtype:trojan-activity;sid:83724854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861755)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861755/; classtype:trojan-activity;sid:83724855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861750)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861750/; classtype:trojan-activity;sid:83724850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861749)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861749/; classtype:trojan-activity;sid:83724849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861743)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861743/; classtype:trojan-activity;sid:83724843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861744)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"39.175.56.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861744/; classtype:trojan-activity;sid:83724844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861735)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861735/; classtype:trojan-activity;sid:83724835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861737)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861737/; classtype:trojan-activity;sid:83724837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861740)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861740/; classtype:trojan-activity;sid:83724840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861729)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861729/; classtype:trojan-activity;sid:83724829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861730)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.200.171.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861730/; classtype:trojan-activity;sid:83724830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861731)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"166.144.131.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861731/; classtype:trojan-activity;sid:83724831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861733)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861733/; classtype:trojan-activity;sid:83724833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861734)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861734/; classtype:trojan-activity;sid:83724834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861721)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861721/; classtype:trojan-activity;sid:83724821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861722)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"89.31.226.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861722/; classtype:trojan-activity;sid:83724822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861725)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861725/; classtype:trojan-activity;sid:83724825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861726)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861726/; classtype:trojan-activity;sid:83724826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861717)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"39.175.56.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861717/; classtype:trojan-activity;sid:83724817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861719)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.251.249.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861719/; classtype:trojan-activity;sid:83724819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861716)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.170.32.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861716/; classtype:trojan-activity;sid:83724816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861714)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861714/; classtype:trojan-activity;sid:83724814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861710)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.14.38.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861710/; classtype:trojan-activity;sid:83724810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861709)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"85.99.124.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861709/; classtype:trojan-activity;sid:83724809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861708)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861708/; classtype:trojan-activity;sid:83724808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861707)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861707/; classtype:trojan-activity;sid:83724807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861695)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.216.105.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861695/; classtype:trojan-activity;sid:83724795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861697)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"222.252.15.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861697/; classtype:trojan-activity;sid:83724797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861700)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"14stirling.dyndns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861700/; classtype:trojan-activity;sid:83724800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861682)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861682/; classtype:trojan-activity;sid:83724782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861685)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861685/; classtype:trojan-activity;sid:83724785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861686)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861686/; classtype:trojan-activity;sid:83724786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861687)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"124.19.77.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861687/; classtype:trojan-activity;sid:83724787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861688)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861688/; classtype:trojan-activity;sid:83724788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861689)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.125.243.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861689/; classtype:trojan-activity;sid:83724789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861690)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861690/; classtype:trojan-activity;sid:83724790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861692)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861692/; classtype:trojan-activity;sid:83724792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861693)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.3.248.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861693/; classtype:trojan-activity;sid:83724793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861680)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861680/; classtype:trojan-activity;sid:83724780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861674)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.199.4.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861674/; classtype:trojan-activity;sid:83724774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861675)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861675/; classtype:trojan-activity;sid:83724775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861676)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861676/; classtype:trojan-activity;sid:83724776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861677)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861677/; classtype:trojan-activity;sid:83724777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861672)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"36.95.166.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861672/; classtype:trojan-activity;sid:83724772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861670)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861670/; classtype:trojan-activity;sid:83724770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861666)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861666/; classtype:trojan-activity;sid:83724766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861667)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861667/; classtype:trojan-activity;sid:83724767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861664)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861664/; classtype:trojan-activity;sid:83724764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861652)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861652/; classtype:trojan-activity;sid:83724752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861655)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"36.67.155.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861655/; classtype:trojan-activity;sid:83724755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861659)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861659/; classtype:trojan-activity;sid:83724759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861660)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"39.175.56.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861660/; classtype:trojan-activity;sid:83724760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861661)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"212.3.211.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861661/; classtype:trojan-activity;sid:83724761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861643)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861643/; classtype:trojan-activity;sid:83724743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861644)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.29.231.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861644/; classtype:trojan-activity;sid:83724744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861646)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861646/; classtype:trojan-activity;sid:83724746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861639)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861639/; classtype:trojan-activity;sid:83724739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861640)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861640/; classtype:trojan-activity;sid:83724740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861641)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861641/; classtype:trojan-activity;sid:83724741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861633)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861633/; classtype:trojan-activity;sid:83724733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861636)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.47.248.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861636/; classtype:trojan-activity;sid:83724736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861637)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861637/; classtype:trojan-activity;sid:83724737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861629)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861629/; classtype:trojan-activity;sid:83724729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861628)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861628/; classtype:trojan-activity;sid:83724728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861626)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861626/; classtype:trojan-activity;sid:83724726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861613)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861613/; classtype:trojan-activity;sid:83724713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861614)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861614/; classtype:trojan-activity;sid:83724714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861615)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861615/; classtype:trojan-activity;sid:83724715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861616)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861616/; classtype:trojan-activity;sid:83724716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861619)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861619/; classtype:trojan-activity;sid:83724719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861620)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861620/; classtype:trojan-activity;sid:83724720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861622)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861622/; classtype:trojan-activity;sid:83724722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861624)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1.179.62.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861624/; classtype:trojan-activity;sid:83724724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861595)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"82.148.194.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861595/; classtype:trojan-activity;sid:83724695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861597)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"69.75.168.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861597/; classtype:trojan-activity;sid:83724697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861598)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861598/; classtype:trojan-activity;sid:83724698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861600)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"223.82.83.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861600/; classtype:trojan-activity;sid:83724700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861601)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861601/; classtype:trojan-activity;sid:83724701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861606)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861606/; classtype:trojan-activity;sid:83724706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861609)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861609/; classtype:trojan-activity;sid:83724709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861592)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861592/; classtype:trojan-activity;sid:83724692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861594)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861594/; classtype:trojan-activity;sid:83724694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861588)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"93.63.154.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861588/; classtype:trojan-activity;sid:83724688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861586)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861586/; classtype:trojan-activity;sid:83724686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861582)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861582/; classtype:trojan-activity;sid:83724682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861567)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861567/; classtype:trojan-activity;sid:83724667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861568)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861568/; classtype:trojan-activity;sid:83724668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861569)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"113.160.251.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861569/; classtype:trojan-activity;sid:83724669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861570)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861570/; classtype:trojan-activity;sid:83724670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861573)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861573/; classtype:trojan-activity;sid:83724673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861577)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861577/; classtype:trojan-activity;sid:83724677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861579)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861579/; classtype:trojan-activity;sid:83724679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861580)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"59.154.252.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861580/; classtype:trojan-activity;sid:83724680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861556)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861556/; classtype:trojan-activity;sid:83724656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861559)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861559/; classtype:trojan-activity;sid:83724659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861562)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861562/; classtype:trojan-activity;sid:83724662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861563)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861563/; classtype:trojan-activity;sid:83724663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861564)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"172.115.81.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861564/; classtype:trojan-activity;sid:83724664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861553)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.230.215.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861553/; classtype:trojan-activity;sid:83724653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861554)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.26.194.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861554/; classtype:trojan-activity;sid:83724654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861555)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"88.123.92.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861555/; classtype:trojan-activity;sid:83724655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861549)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861549/; classtype:trojan-activity;sid:83724649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861547)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861547/; classtype:trojan-activity;sid:83724647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861543)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.231.190.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861543/; classtype:trojan-activity;sid:83724643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861541)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.99.124.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861541/; classtype:trojan-activity;sid:83724641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861538)"; flow:established,from_client; content:"GET"; http_method; content:"/tsaplqyj.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bafybeicnmx2fcaolinpdaiqjo7hgsourg3qzaxf57psdrbqic4qrm4pf3i.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861538/; classtype:trojan-activity;sid:83724638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2860721)"; flow:established,from_client; content:"GET"; http_method; content:"/srbijasetuphokej.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_23; reference:url, urlhaus.abuse.ch/url/2860721/; classtype:trojan-activity;sid:83723821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859508)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.148.194.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_22; reference:url, urlhaus.abuse.ch/url/2859508/; classtype:trojan-activity;sid:83722608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859117)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/arm"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2859117/; classtype:trojan-activity;sid:83722217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859027)"; flow:established,from_client; content:"GET"; http_method; content:"/ustaxes/ustaxes/files/15378217/all.2023.tax.documents.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2859027/; classtype:trojan-activity;sid:83722127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2858898)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.186.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2858898/; classtype:trojan-activity;sid:83721998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857904)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857904/; classtype:trojan-activity;sid:83721004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857893)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.21.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857893/; classtype:trojan-activity;sid:83720993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857898)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.29.231.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857898/; classtype:trojan-activity;sid:83720998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857892)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.3.248.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857892/; classtype:trojan-activity;sid:83720992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857888)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857888/; classtype:trojan-activity;sid:83720988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857884)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.62.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857884/; classtype:trojan-activity;sid:83720984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857881)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857881/; classtype:trojan-activity;sid:83720981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857874)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.86.136.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857874/; classtype:trojan-activity;sid:83720974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857875)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857875/; classtype:trojan-activity;sid:83720975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857871)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857871/; classtype:trojan-activity;sid:83720971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857872)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.196.121.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857872/; classtype:trojan-activity;sid:83720972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857868)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857868/; classtype:trojan-activity;sid:83720968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857870)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857870/; classtype:trojan-activity;sid:83720970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857865)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.154.122.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857865/; classtype:trojan-activity;sid:83720965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857866)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857866/; classtype:trojan-activity;sid:83720966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857859)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857859/; classtype:trojan-activity;sid:83720959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857854)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.154.67.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857854/; classtype:trojan-activity;sid:83720954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857850)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857850/; classtype:trojan-activity;sid:83720950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857851)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.87.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857851/; classtype:trojan-activity;sid:83720951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857848)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857848/; classtype:trojan-activity;sid:83720948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857849)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857849/; classtype:trojan-activity;sid:83720949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857844)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.2.229.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857844/; classtype:trojan-activity;sid:83720944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857846)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857846/; classtype:trojan-activity;sid:83720946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857837)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857837/; classtype:trojan-activity;sid:83720937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857838)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"149.62.200.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857838/; classtype:trojan-activity;sid:83720938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857834)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857834/; classtype:trojan-activity;sid:83720934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857835)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857835/; classtype:trojan-activity;sid:83720935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857836)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"36.95.166.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857836/; classtype:trojan-activity;sid:83720936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857833)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"36.67.155.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857833/; classtype:trojan-activity;sid:83720933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857831)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"98.180.230.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857831/; classtype:trojan-activity;sid:83720931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857822)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857822/; classtype:trojan-activity;sid:83720922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857820)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.31.226.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857820/; classtype:trojan-activity;sid:83720920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857821)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857821/; classtype:trojan-activity;sid:83720921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857813)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857813/; classtype:trojan-activity;sid:83720913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857809)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857809/; classtype:trojan-activity;sid:83720909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857810)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.19.79.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857810/; classtype:trojan-activity;sid:83720910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857806)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857806/; classtype:trojan-activity;sid:83720906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857807)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.3.248.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857807/; classtype:trojan-activity;sid:83720907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857804)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857804/; classtype:trojan-activity;sid:83720904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857802)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857802/; classtype:trojan-activity;sid:83720902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857795)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857795/; classtype:trojan-activity;sid:83720895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857797)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857797/; classtype:trojan-activity;sid:83720897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857794)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.107.218.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857794/; classtype:trojan-activity;sid:83720894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857788)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857788/; classtype:trojan-activity;sid:83720888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857785)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857785/; classtype:trojan-activity;sid:83720885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857780)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857780/; classtype:trojan-activity;sid:83720880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857778)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857778/; classtype:trojan-activity;sid:83720878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857776)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.202.20.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857776/; classtype:trojan-activity;sid:83720876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857770)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857770/; classtype:trojan-activity;sid:83720870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857771)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857771/; classtype:trojan-activity;sid:83720871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857772)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.75.168.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857772/; classtype:trojan-activity;sid:83720872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857773)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857773/; classtype:trojan-activity;sid:83720873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857763)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857763/; classtype:trojan-activity;sid:83720863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857762)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857762/; classtype:trojan-activity;sid:83720862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857758)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857758/; classtype:trojan-activity;sid:83720858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857752)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857752/; classtype:trojan-activity;sid:83720852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857753)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857753/; classtype:trojan-activity;sid:83720853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857754)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.123.92.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857754/; classtype:trojan-activity;sid:83720854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857755)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857755/; classtype:trojan-activity;sid:83720855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857750)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"125.168.166.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857750/; classtype:trojan-activity;sid:83720850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857747)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857747/; classtype:trojan-activity;sid:83720847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857749)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857749/; classtype:trojan-activity;sid:83720849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857746)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857746/; classtype:trojan-activity;sid:83720846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857736)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.154.122.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857736/; classtype:trojan-activity;sid:83720836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857730)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857730/; classtype:trojan-activity;sid:83720830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857724)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857724/; classtype:trojan-activity;sid:83720824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857721)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.200.171.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857721/; classtype:trojan-activity;sid:83720821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857717)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.86.136.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857717/; classtype:trojan-activity;sid:83720817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857719)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857719/; classtype:trojan-activity;sid:83720819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857710)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.160.185.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857710/; classtype:trojan-activity;sid:83720810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857712)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857712/; classtype:trojan-activity;sid:83720812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857708)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857708/; classtype:trojan-activity;sid:83720808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857706)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857706/; classtype:trojan-activity;sid:83720806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857696)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.241.90.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857696/; classtype:trojan-activity;sid:83720796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857693)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.10.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857693/; classtype:trojan-activity;sid:83720793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857689)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857689/; classtype:trojan-activity;sid:83720789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857687)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.160.251.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857687/; classtype:trojan-activity;sid:83720787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857679)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.154.123.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857679/; classtype:trojan-activity;sid:83720779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857674)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857674/; classtype:trojan-activity;sid:83720774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857676)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"204.11.227.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857676/; classtype:trojan-activity;sid:83720776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857678)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857678/; classtype:trojan-activity;sid:83720778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857670)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857670/; classtype:trojan-activity;sid:83720770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857671)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857671/; classtype:trojan-activity;sid:83720771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857672)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857672/; classtype:trojan-activity;sid:83720772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857669)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857669/; classtype:trojan-activity;sid:83720769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857666)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857666/; classtype:trojan-activity;sid:83720766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857662)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857662/; classtype:trojan-activity;sid:83720762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857660)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.251.249.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857660/; classtype:trojan-activity;sid:83720760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857657)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857657/; classtype:trojan-activity;sid:83720757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857653)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.87.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857653/; classtype:trojan-activity;sid:83720753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857654)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857654/; classtype:trojan-activity;sid:83720754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857655)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.20.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857655/; classtype:trojan-activity;sid:83720755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857651)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857651/; classtype:trojan-activity;sid:83720751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857652)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.170.32.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857652/; classtype:trojan-activity;sid:83720752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857645)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857645/; classtype:trojan-activity;sid:83720745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857642)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857642/; classtype:trojan-activity;sid:83720742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857633)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857633/; classtype:trojan-activity;sid:83720733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857634)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857634/; classtype:trojan-activity;sid:83720734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857635)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"204.11.227.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857635/; classtype:trojan-activity;sid:83720735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857640)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857640/; classtype:trojan-activity;sid:83720740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857628)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857628/; classtype:trojan-activity;sid:83720728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857630)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857630/; classtype:trojan-activity;sid:83720730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857624)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857624/; classtype:trojan-activity;sid:83720724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857620)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857620/; classtype:trojan-activity;sid:83720720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857621)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857621/; classtype:trojan-activity;sid:83720721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857616)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857616/; classtype:trojan-activity;sid:83720716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857613)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.86.136.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857613/; classtype:trojan-activity;sid:83720713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857614)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.154.252.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857614/; classtype:trojan-activity;sid:83720714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857610)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857610/; classtype:trojan-activity;sid:83720710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857606)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.214.27.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857606/; classtype:trojan-activity;sid:83720706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857607)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.86.136.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857607/; classtype:trojan-activity;sid:83720707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857600)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857600/; classtype:trojan-activity;sid:83720700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857601)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.93.103.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857601/; classtype:trojan-activity;sid:83720701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857602)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857602/; classtype:trojan-activity;sid:83720702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857590)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.10.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857590/; classtype:trojan-activity;sid:83720690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857585)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857585/; classtype:trojan-activity;sid:83720685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857586)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857586/; classtype:trojan-activity;sid:83720686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857587)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857587/; classtype:trojan-activity;sid:83720687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857583)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857583/; classtype:trojan-activity;sid:83720683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857584)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857584/; classtype:trojan-activity;sid:83720684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857580)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857580/; classtype:trojan-activity;sid:83720680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857582)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857582/; classtype:trojan-activity;sid:83720682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857578)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857578/; classtype:trojan-activity;sid:83720678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857576)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857576/; classtype:trojan-activity;sid:83720676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857573)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.14.38.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857573/; classtype:trojan-activity;sid:83720673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857574)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857574/; classtype:trojan-activity;sid:83720674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857568)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857568/; classtype:trojan-activity;sid:83720668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857570)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857570/; classtype:trojan-activity;sid:83720670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857563)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857563/; classtype:trojan-activity;sid:83720663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857564)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.251.62.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857564/; classtype:trojan-activity;sid:83720664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857566)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857566/; classtype:trojan-activity;sid:83720666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857561)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857561/; classtype:trojan-activity;sid:83720661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857553)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857553/; classtype:trojan-activity;sid:83720653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857556)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.21.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857556/; classtype:trojan-activity;sid:83720656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857551)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857551/; classtype:trojan-activity;sid:83720651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857545)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857545/; classtype:trojan-activity;sid:83720645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857542)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857542/; classtype:trojan-activity;sid:83720642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857543)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857543/; classtype:trojan-activity;sid:83720643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857541)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857541/; classtype:trojan-activity;sid:83720641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857539)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.10.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857539/; classtype:trojan-activity;sid:83720639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857535)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.20.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857535/; classtype:trojan-activity;sid:83720635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857526)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857526/; classtype:trojan-activity;sid:83720626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857527)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857527/; classtype:trojan-activity;sid:83720627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857522)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.64.76.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857522/; classtype:trojan-activity;sid:83720622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857524)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857524/; classtype:trojan-activity;sid:83720624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857525)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857525/; classtype:trojan-activity;sid:83720625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857510)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.93.103.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857510/; classtype:trojan-activity;sid:83720610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857509)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857509/; classtype:trojan-activity;sid:83720609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857506)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"172.115.81.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857506/; classtype:trojan-activity;sid:83720606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857507)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857507/; classtype:trojan-activity;sid:83720607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857508)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.19.77.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857508/; classtype:trojan-activity;sid:83720608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857501)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857501/; classtype:trojan-activity;sid:83720601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857498)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857498/; classtype:trojan-activity;sid:83720598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857500)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857500/; classtype:trojan-activity;sid:83720600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857492)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.63.154.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857492/; classtype:trojan-activity;sid:83720592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857493)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857493/; classtype:trojan-activity;sid:83720593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857483)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857483/; classtype:trojan-activity;sid:83720583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857484)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857484/; classtype:trojan-activity;sid:83720584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857485)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.196.121.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857485/; classtype:trojan-activity;sid:83720585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857486)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857486/; classtype:trojan-activity;sid:83720586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857472)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857472/; classtype:trojan-activity;sid:83720572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857468)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.222.113.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857468/; classtype:trojan-activity;sid:83720568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857464)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857464/; classtype:trojan-activity;sid:83720564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857465)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857465/; classtype:trojan-activity;sid:83720565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857462)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"222.252.15.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857462/; classtype:trojan-activity;sid:83720562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857463)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857463/; classtype:trojan-activity;sid:83720563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857444)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857444/; classtype:trojan-activity;sid:83720544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857447)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857447/; classtype:trojan-activity;sid:83720547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857448)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857448/; classtype:trojan-activity;sid:83720548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857454)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857454/; classtype:trojan-activity;sid:83720554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857455)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857455/; classtype:trojan-activity;sid:83720555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857457)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857457/; classtype:trojan-activity;sid:83720557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857458)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.160.185.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857458/; classtype:trojan-activity;sid:83720558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857459)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.65.37.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857459/; classtype:trojan-activity;sid:83720559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857437)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.238.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857437/; classtype:trojan-activity;sid:83720537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857438)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857438/; classtype:trojan-activity;sid:83720538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857439)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857439/; classtype:trojan-activity;sid:83720539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857434)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857434/; classtype:trojan-activity;sid:83720534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857169)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857169/; classtype:trojan-activity;sid:83720269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2854636)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig-6.18.0-linux-x64.tar.gz"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"46.231.32.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_18; reference:url, urlhaus.abuse.ch/url/2854636/; classtype:trojan-activity;sid:83717736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2854622)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig0.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"14.224.174.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_18; reference:url, urlhaus.abuse.ch/url/2854622/; classtype:trojan-activity;sid:83717722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2854623)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig0.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"14.224.174.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_18; reference:url, urlhaus.abuse.ch/url/2854623/; classtype:trojan-activity;sid:83717723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2854611)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig-6.19.3-linux-x64.tar.gz"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"31.186.217.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_18; reference:url, urlhaus.abuse.ch/url/2854611/; classtype:trojan-activity;sid:83717711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2850765)"; flow:established,from_client; content:"GET"; http_method; content:"/x103.log"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"zffsg.oss-ap-northeast-2.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_05_15; reference:url, urlhaus.abuse.ch/url/2850765/; classtype:trojan-activity;sid:83713865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845932)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.240.65.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845932/; classtype:trojan-activity;sid:83709032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845931)"; flow:established,from_client; content:"GET"; http_method; content:"/install_python3.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"43.240.65.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845931/; classtype:trojan-activity;sid:83709031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845681)"; flow:established,from_client; content:"GET"; http_method; content:"/app/filesrc/android/apk/2023/zonghengxsandroid_7.5.6.63_zh-zhh5.apk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"static.zongheng.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845681/; classtype:trojan-activity;sid:83708781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842725)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842725/; classtype:trojan-activity;sid:83705825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842724)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.193.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842724/; classtype:trojan-activity;sid:83705824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842723)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.151.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842723/; classtype:trojan-activity;sid:83705823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842669)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.45.130.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842669/; classtype:trojan-activity;sid:83705769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842670)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.208.56.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842670/; classtype:trojan-activity;sid:83705770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842661)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.53.164.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842661/; classtype:trojan-activity;sid:83705761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842662)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"139.5.152.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842662/; classtype:trojan-activity;sid:83705762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842655)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.92.29.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842655/; classtype:trojan-activity;sid:83705755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842650)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.35.49.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842650/; classtype:trojan-activity;sid:83705750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.208.56.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842419/; classtype:trojan-activity;sid:83705519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.28.38.135"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842413/; classtype:trojan-activity;sid:83705513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.53.164.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842401/; classtype:trojan-activity;sid:83705501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.35.49.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842402/; classtype:trojan-activity;sid:83705502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.92.29.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842405/; classtype:trojan-activity;sid:83705505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.45.130.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842410/; classtype:trojan-activity;sid:83705510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842081)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.205.81.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842081/; classtype:trojan-activity;sid:83705181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842062)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.151.34.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842062/; classtype:trojan-activity;sid:83705162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842056)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71.42.105.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842056/; classtype:trojan-activity;sid:83705156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842053)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.4.51.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842053/; classtype:trojan-activity;sid:83705153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842036)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.245.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842036/; classtype:trojan-activity;sid:83705136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842037)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.37.170.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842037/; classtype:trojan-activity;sid:83705137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842029)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.109.205.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842029/; classtype:trojan-activity;sid:83705129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842033)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.192.22.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842033/; classtype:trojan-activity;sid:83705133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842023)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.39.247.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842023/; classtype:trojan-activity;sid:83705123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842026)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.110.206.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842026/; classtype:trojan-activity;sid:83705126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842010)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.145.205.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842010/; classtype:trojan-activity;sid:83705110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842012)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.255.42.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842012/; classtype:trojan-activity;sid:83705112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842015)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.151.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842015/; classtype:trojan-activity;sid:83705115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842006)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.51.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842006/; classtype:trojan-activity;sid:83705106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842007)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.107.232.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842007/; classtype:trojan-activity;sid:83705107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841995)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841995/; classtype:trojan-activity;sid:83705095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841998)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.247.13.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841998/; classtype:trojan-activity;sid:83705098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841999)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"70.45.241.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841999/; classtype:trojan-activity;sid:83705099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841988)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.148.5.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841988/; classtype:trojan-activity;sid:83705088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841979)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.107.78.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841979/; classtype:trojan-activity;sid:83705079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841974)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"151.236.247.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841974/; classtype:trojan-activity;sid:83705074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841976)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.249.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841976/; classtype:trojan-activity;sid:83705076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841962)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.239.254.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841962/; classtype:trojan-activity;sid:83705062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841963)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.101.191.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841963/; classtype:trojan-activity;sid:83705063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841967)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.123.53.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841967/; classtype:trojan-activity;sid:83705067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841953)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.209.184.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841953/; classtype:trojan-activity;sid:83705053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841954)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.209.184.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841954/; classtype:trojan-activity;sid:83705054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841945)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"179.189.254.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841945/; classtype:trojan-activity;sid:83705045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841947)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.151.163.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841947/; classtype:trojan-activity;sid:83705047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841949)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.209.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841949/; classtype:trojan-activity;sid:83705049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841941)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841941/; classtype:trojan-activity;sid:83705041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841934)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.147.168.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841934/; classtype:trojan-activity;sid:83705034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841929)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"159.224.143.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841929/; classtype:trojan-activity;sid:83705029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841932)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.145.123.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841932/; classtype:trojan-activity;sid:83705032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841917)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.28.38.135"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841917/; classtype:trojan-activity;sid:83705017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841807)"; flow:established,from_client; content:"GET"; http_method; content:"/cryptography_module_windows.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"122.170.110.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841807/; classtype:trojan-activity;sid:83704907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.110.206.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841726/; classtype:trojan-activity;sid:83704826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.37.170.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841721/; classtype:trojan-activity;sid:83704821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.123.53.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841713/; classtype:trojan-activity;sid:83704813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.148.5.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841714/; classtype:trojan-activity;sid:83704814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.247.13.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841715/; classtype:trojan-activity;sid:83704815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841712/; classtype:trojan-activity;sid:83704812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.211.112.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841707/; classtype:trojan-activity;sid:83704807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.151.34.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841683/; classtype:trojan-activity;sid:83704783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.255.42.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841686/; classtype:trojan-activity;sid:83704786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.101.191.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841679/; classtype:trojan-activity;sid:83704779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.239.254.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841666/; classtype:trojan-activity;sid:83704766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.39.247.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841667/; classtype:trojan-activity;sid:83704767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.236.247.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841650/; classtype:trojan-activity;sid:83704750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.4.51.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841636/; classtype:trojan-activity;sid:83704736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.145.123.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841644/; classtype:trojan-activity;sid:83704744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841631/; classtype:trojan-activity;sid:83704731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.209.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841625/; classtype:trojan-activity;sid:83704725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.151.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841621/; classtype:trojan-activity;sid:83704721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.209.184.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841624/; classtype:trojan-activity;sid:83704724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.189.254.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841617/; classtype:trojan-activity;sid:83704717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.42.105.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841619/; classtype:trojan-activity;sid:83704719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.245.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841613/; classtype:trojan-activity;sid:83704713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.192.22.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841604/; classtype:trojan-activity;sid:83704704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.209.184.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841608/; classtype:trojan-activity;sid:83704708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.205.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841609/; classtype:trojan-activity;sid:83704709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.51.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841602/; classtype:trojan-activity;sid:83704702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.45.241.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841591/; classtype:trojan-activity;sid:83704691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.107.78.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841582/; classtype:trojan-activity;sid:83704682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"159.224.143.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841581/; classtype:trojan-activity;sid:83704681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.151.163.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841575/; classtype:trojan-activity;sid:83704675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.249.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841576/; classtype:trojan-activity;sid:83704676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.107.232.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841573/; classtype:trojan-activity;sid:83704673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.145.205.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841570/; classtype:trojan-activity;sid:83704670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841312)"; flow:established,from_client; content:"GET"; http_method; content:"/aioc_5.0.0.63_it.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"912648.aioc.qbgxl.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841312/; classtype:trojan-activity;sid:83704412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2839963)"; flow:established,from_client; content:"GET"; http_method; content:"/aioc_5.0.0.63_it.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"139520.aioc.qbgxl.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_06; reference:url, urlhaus.abuse.ch/url/2839963/; classtype:trojan-activity;sid:83703063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837116)"; flow:established,from_client; content:"GET"; http_method; content:"/ag_injector_latest.apk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dl.aginjector.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837116/; classtype:trojan-activity;sid:83700216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836854)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.146.202.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836854/; classtype:trojan-activity;sid:83699954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836844)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"195.211.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836844/; classtype:trojan-activity;sid:83699944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836794)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/bots_mips"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836794/; classtype:trojan-activity;sid:83699894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835124)"; flow:established,from_client; content:"GET"; http_method; content:"/static/tiktok/ready.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"gawx.florenda.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835124/; classtype:trojan-activity;sid:83698224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835122)"; flow:established,from_client; content:"GET"; http_method; content:"/static/tiktok/ready.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"gawx.florenda.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835122/; classtype:trojan-activity;sid:83698222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834467)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.249.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834467/; classtype:trojan-activity;sid:83697567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834442)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834442/; classtype:trojan-activity;sid:83697542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834400)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834400/; classtype:trojan-activity;sid:83697500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834387)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834387/; classtype:trojan-activity;sid:83697487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834372)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834372/; classtype:trojan-activity;sid:83697472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833916)"; flow:established,from_client; content:"GET"; http_method; content:"/frexoff/efefwefwwf/main/cock.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833916/; classtype:trojan-activity;sid:83697016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833904)"; flow:established,from_client; content:"GET"; http_method; content:"/frexoff/efefwefwwf/raw/main/cock.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833904/; classtype:trojan-activity;sid:83697004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833829)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/disbot"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833829/; classtype:trojan-activity;sid:83696929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833648)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm7"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833648/; classtype:trojan-activity;sid:83696748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833649)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm6"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833649/; classtype:trojan-activity;sid:83696749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833650)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/mips"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833650/; classtype:trojan-activity;sid:83696750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833651)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/x86_64"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833651/; classtype:trojan-activity;sid:83696751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833643)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm5"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833643/; classtype:trojan-activity;sid:83696743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833644)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/m68k"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833644/; classtype:trojan-activity;sid:83696744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833645)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/sh4"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833645/; classtype:trojan-activity;sid:83696745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833646)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/mpsl"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833646/; classtype:trojan-activity;sid:83696746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833647)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833647/; classtype:trojan-activity;sid:83696747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833642)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/x86_32"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833642/; classtype:trojan-activity;sid:83696742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833217)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/386"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833217/; classtype:trojan-activity;sid:83696317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833216)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/mips"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833216/; classtype:trojan-activity;sid:83696316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833213)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/mpsl"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833213/; classtype:trojan-activity;sid:83696313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830963)"; flow:established,from_client; content:"GET"; http_method; content:"/kampfkarren/roblox/files/15001743/roexec.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830963/; classtype:trojan-activity;sid:83694063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830955)"; flow:established,from_client; content:"GET"; http_method; content:"/delta-io/delta/files/15016110/delta.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830955/; classtype:trojan-activity;sid:83694055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824981)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824981/; classtype:trojan-activity;sid:83688081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824078)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win64-setup-unsigned.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824078/; classtype:trojan-activity;sid:83687178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824079)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-osx-unsigned.dmg"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824079/; classtype:trojan-activity;sid:83687179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824077)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win32-setup-unsigned.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824077/; classtype:trojan-activity;sid:83687177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823256)"; flow:established,from_client; content:"GET"; http_method; content:"/imtoken.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"imtoken8.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823256/; classtype:trojan-activity;sid:83686356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823150)"; flow:established,from_client; content:"GET"; http_method; content:"/y-steamworks.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"117.50.194.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823150/; classtype:trojan-activity;sid:83686250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822910)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.150.253.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822910/; classtype:trojan-activity;sid:83686010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822909)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.89.188.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822909/; classtype:trojan-activity;sid:83686009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822908)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.30.85.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822908/; classtype:trojan-activity;sid:83686008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822907)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822907/; classtype:trojan-activity;sid:83686007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822899)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.18.223.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822899/; classtype:trojan-activity;sid:83685999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822902)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.38.60.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822902/; classtype:trojan-activity;sid:83686002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822886)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.92.222.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822886/; classtype:trojan-activity;sid:83685986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822887)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.30.245.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822887/; classtype:trojan-activity;sid:83685987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822881)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.154.131.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822881/; classtype:trojan-activity;sid:83685981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822882)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.141.135.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822882/; classtype:trojan-activity;sid:83685982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822864)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"141.105.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822864/; classtype:trojan-activity;sid:83685964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822866)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.254.173.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822866/; classtype:trojan-activity;sid:83685966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822867)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.65.15.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822867/; classtype:trojan-activity;sid:83685967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822869)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.114.137.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822869/; classtype:trojan-activity;sid:83685969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822873)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.148.20.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822873/; classtype:trojan-activity;sid:83685973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822861)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.189.172.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822861/; classtype:trojan-activity;sid:83685961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822862)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.128.195.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822862/; classtype:trojan-activity;sid:83685962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822863)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.77.74.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822863/; classtype:trojan-activity;sid:83685963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822844)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.248.81.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822844/; classtype:trojan-activity;sid:83685944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822845)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"75.183.98.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822845/; classtype:trojan-activity;sid:83685945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822846)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.67.251.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822846/; classtype:trojan-activity;sid:83685946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822847)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822847/; classtype:trojan-activity;sid:83685947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822841)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.50.7.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822841/; classtype:trojan-activity;sid:83685941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822834)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.154.187.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822834/; classtype:trojan-activity;sid:83685934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822823)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822823/; classtype:trojan-activity;sid:83685923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822824)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.227.118.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822824/; classtype:trojan-activity;sid:83685924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822825)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.94.245.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822825/; classtype:trojan-activity;sid:83685925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822828)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"122.201.25.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822828/; classtype:trojan-activity;sid:83685928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822808)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.254.223.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822808/; classtype:trojan-activity;sid:83685908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822809)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822809/; classtype:trojan-activity;sid:83685909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822811)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.200.72.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822811/; classtype:trojan-activity;sid:83685911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822812)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.89.11.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822812/; classtype:trojan-activity;sid:83685912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822814)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.34.20.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822814/; classtype:trojan-activity;sid:83685914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822815)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.189.125.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822815/; classtype:trojan-activity;sid:83685915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822819)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.114.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822819/; classtype:trojan-activity;sid:83685919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822802)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.96.214.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822802/; classtype:trojan-activity;sid:83685902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822806)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.116.68.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822806/; classtype:trojan-activity;sid:83685906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822797)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.131.81.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822797/; classtype:trojan-activity;sid:83685897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822800)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.69.88.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822800/; classtype:trojan-activity;sid:83685900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822794)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822794/; classtype:trojan-activity;sid:83685894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822778)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.176.137.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822778/; classtype:trojan-activity;sid:83685878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822782)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.154.135.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822782/; classtype:trojan-activity;sid:83685882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822792)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822792/; classtype:trojan-activity;sid:83685892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822770)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.252.66.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822770/; classtype:trojan-activity;sid:83685870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822772)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.210.50.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822772/; classtype:trojan-activity;sid:83685872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822774)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.5.61.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822774/; classtype:trojan-activity;sid:83685874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822762)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"139.60.191.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822762/; classtype:trojan-activity;sid:83685862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822763)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822763/; classtype:trojan-activity;sid:83685863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822764)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.246.177.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822764/; classtype:trojan-activity;sid:83685864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822768)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.34.7.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822768/; classtype:trojan-activity;sid:83685868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822757)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.244.112.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822757/; classtype:trojan-activity;sid:83685857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822754)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.175.223.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822754/; classtype:trojan-activity;sid:83685854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822755)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.1.157.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822755/; classtype:trojan-activity;sid:83685855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822751)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.42.201.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822751/; classtype:trojan-activity;sid:83685851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822746)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.190.142.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822746/; classtype:trojan-activity;sid:83685846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822747)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.21.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822747/; classtype:trojan-activity;sid:83685847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822734)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.28.58.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822734/; classtype:trojan-activity;sid:83685834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822735)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822735/; classtype:trojan-activity;sid:83685835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822736)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.63.242.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822736/; classtype:trojan-activity;sid:83685836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822743)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.7.153.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822743/; classtype:trojan-activity;sid:83685843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822744)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.184.231.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822744/; classtype:trojan-activity;sid:83685844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822719)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"102.216.69.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822719/; classtype:trojan-activity;sid:83685819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822721)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.193.120.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822721/; classtype:trojan-activity;sid:83685821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822724)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822724/; classtype:trojan-activity;sid:83685824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822726)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.41.63.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822726/; classtype:trojan-activity;sid:83685826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822711)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822711/; classtype:trojan-activity;sid:83685811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822706)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.215.61.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822706/; classtype:trojan-activity;sid:83685806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822707)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.57.121.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822707/; classtype:trojan-activity;sid:83685807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822695)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.228.135.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822695/; classtype:trojan-activity;sid:83685795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822697)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.71.191.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822697/; classtype:trojan-activity;sid:83685797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822698)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"98.103.171.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822698/; classtype:trojan-activity;sid:83685798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822704)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.91.171.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822704/; classtype:trojan-activity;sid:83685804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822705)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.52.164.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822705/; classtype:trojan-activity;sid:83685805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822684)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.182.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822684/; classtype:trojan-activity;sid:83685784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822689)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.43.201.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822689/; classtype:trojan-activity;sid:83685789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822691)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822691/; classtype:trojan-activity;sid:83685791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822692)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.111.182.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822692/; classtype:trojan-activity;sid:83685792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822694)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.105.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822694/; classtype:trojan-activity;sid:83685794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822677)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.76.195.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822677/; classtype:trojan-activity;sid:83685777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822681)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"146.196.120.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822681/; classtype:trojan-activity;sid:83685781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822674)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.156.46.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822674/; classtype:trojan-activity;sid:83685774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822671)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.197.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822671/; classtype:trojan-activity;sid:83685771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822670)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.78.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822670/; classtype:trojan-activity;sid:83685770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822666)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.119.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822666/; classtype:trojan-activity;sid:83685766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822663)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.42.121.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822663/; classtype:trojan-activity;sid:83685763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822646)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.19.172.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822646/; classtype:trojan-activity;sid:83685746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822650)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.129.2.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822650/; classtype:trojan-activity;sid:83685750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822653)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"221.120.98.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822653/; classtype:trojan-activity;sid:83685753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822658)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.218.50.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822658/; classtype:trojan-activity;sid:83685758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822637)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"189.204.177.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822637/; classtype:trojan-activity;sid:83685737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822638)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.183.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822638/; classtype:trojan-activity;sid:83685738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822639)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"218.86.123.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822639/; classtype:trojan-activity;sid:83685739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822633)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.78.118.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822633/; classtype:trojan-activity;sid:83685733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822634)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822634/; classtype:trojan-activity;sid:83685734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822619)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.154.93.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822619/; classtype:trojan-activity;sid:83685719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822620)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822620/; classtype:trojan-activity;sid:83685720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822622)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.25.214.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822622/; classtype:trojan-activity;sid:83685722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822601)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.94.29.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822601/; classtype:trojan-activity;sid:83685701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822608)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.42.98.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822608/; classtype:trojan-activity;sid:83685708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822609)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.159.0.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822609/; classtype:trojan-activity;sid:83685709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822612)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822612/; classtype:trojan-activity;sid:83685712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822616)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.109.201.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822616/; classtype:trojan-activity;sid:83685716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822590)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.22.48.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822590/; classtype:trojan-activity;sid:83685690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822592)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.211.252.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822592/; classtype:trojan-activity;sid:83685692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822596)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.99.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822596/; classtype:trojan-activity;sid:83685696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822577)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.77.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822577/; classtype:trojan-activity;sid:83685677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822578)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.175.134.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822578/; classtype:trojan-activity;sid:83685678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822581)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.171.80.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822581/; classtype:trojan-activity;sid:83685681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822583)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822583/; classtype:trojan-activity;sid:83685683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822585)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.89.199.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822585/; classtype:trojan-activity;sid:83685685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822586)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"144.48.169.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822586/; classtype:trojan-activity;sid:83685686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822588)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.201.160.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822588/; classtype:trojan-activity;sid:83685688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822566)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.104.195.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822566/; classtype:trojan-activity;sid:83685666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822567)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.190.70.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822567/; classtype:trojan-activity;sid:83685667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822568)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.150.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822568/; classtype:trojan-activity;sid:83685668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822570)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.5.19.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822570/; classtype:trojan-activity;sid:83685670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822571)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.249.140.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822571/; classtype:trojan-activity;sid:83685671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822573)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.128.231.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822573/; classtype:trojan-activity;sid:83685673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822574)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"147.91.249.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822574/; classtype:trojan-activity;sid:83685674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822555)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.71.46.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822555/; classtype:trojan-activity;sid:83685655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822557)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.41.225.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822557/; classtype:trojan-activity;sid:83685657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822559)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.9.192.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822559/; classtype:trojan-activity;sid:83685659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822563)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.176.7.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822563/; classtype:trojan-activity;sid:83685663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822564)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.249.52.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822564/; classtype:trojan-activity;sid:83685664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822553)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.0.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822553/; classtype:trojan-activity;sid:83685653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822547)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.73.70.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822547/; classtype:trojan-activity;sid:83685647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822548)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822548/; classtype:trojan-activity;sid:83685648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822549)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822549/; classtype:trojan-activity;sid:83685649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822544)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.53.164.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822544/; classtype:trojan-activity;sid:83685644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822546)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.69.219.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822546/; classtype:trojan-activity;sid:83685646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822536)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.228.134.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822536/; classtype:trojan-activity;sid:83685636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822537)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822537/; classtype:trojan-activity;sid:83685637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822542)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"179.190.109.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822542/; classtype:trojan-activity;sid:83685642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822543)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.119.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822543/; classtype:trojan-activity;sid:83685643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822523)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.167.25.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822523/; classtype:trojan-activity;sid:83685623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822526)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"90.182.214.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822526/; classtype:trojan-activity;sid:83685626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822530)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.64.96.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822530/; classtype:trojan-activity;sid:83685630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822532)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.100.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822532/; classtype:trojan-activity;sid:83685632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822518)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.124.33.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822518/; classtype:trojan-activity;sid:83685618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822522)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.140.32.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822522/; classtype:trojan-activity;sid:83685622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822512)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822512/; classtype:trojan-activity;sid:83685612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822514)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"136.169.119.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822514/; classtype:trojan-activity;sid:83685614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822515)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.248.145.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822515/; classtype:trojan-activity;sid:83685615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822506)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.232.188.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822506/; classtype:trojan-activity;sid:83685606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822498)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.80.242.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822498/; classtype:trojan-activity;sid:83685598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822495)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.28.123.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822495/; classtype:trojan-activity;sid:83685595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822494)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.253.154.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822494/; classtype:trojan-activity;sid:83685594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822490)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.211.153.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822490/; classtype:trojan-activity;sid:83685590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822488)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822488/; classtype:trojan-activity;sid:83685588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822478)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822478/; classtype:trojan-activity;sid:83685578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822481)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.224.243.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822481/; classtype:trojan-activity;sid:83685581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822482)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.216.28.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822482/; classtype:trojan-activity;sid:83685582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822484)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.99.230.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822484/; classtype:trojan-activity;sid:83685584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822485)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.134.42.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822485/; classtype:trojan-activity;sid:83685585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822467)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.126.186.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822467/; classtype:trojan-activity;sid:83685567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822468)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.91.144.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822468/; classtype:trojan-activity;sid:83685568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822471)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822471/; classtype:trojan-activity;sid:83685571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822474)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.4.110.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822474/; classtype:trojan-activity;sid:83685574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822475)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.71.250.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822475/; classtype:trojan-activity;sid:83685575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822477)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.5.50.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822477/; classtype:trojan-activity;sid:83685577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822460)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.69.79.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822460/; classtype:trojan-activity;sid:83685560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822462)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822462/; classtype:trojan-activity;sid:83685562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822451)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.214.241.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822451/; classtype:trojan-activity;sid:83685551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822449)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.59.90.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822449/; classtype:trojan-activity;sid:83685549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822436)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"90.182.214.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822436/; classtype:trojan-activity;sid:83685536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822437)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.218.249.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822437/; classtype:trojan-activity;sid:83685537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822439)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.114.109.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822439/; classtype:trojan-activity;sid:83685539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822441)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.90.207.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822441/; classtype:trojan-activity;sid:83685541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822430)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.112.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822430/; classtype:trojan-activity;sid:83685530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822432)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.71.69.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822432/; classtype:trojan-activity;sid:83685532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822416)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.6.74.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822416/; classtype:trojan-activity;sid:83685516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822417)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.15.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822417/; classtype:trojan-activity;sid:83685517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822418)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.98.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822418/; classtype:trojan-activity;sid:83685518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822421)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.43.34.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822421/; classtype:trojan-activity;sid:83685521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822409)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.140.176.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822409/; classtype:trojan-activity;sid:83685509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822406)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.10.211.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822406/; classtype:trojan-activity;sid:83685506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822407)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.106.58.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822407/; classtype:trojan-activity;sid:83685507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822401)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.189.222.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822401/; classtype:trojan-activity;sid:83685501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822405)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.157.212.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822405/; classtype:trojan-activity;sid:83685505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822389)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822389/; classtype:trojan-activity;sid:83685489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822390)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.119.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822390/; classtype:trojan-activity;sid:83685490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822395)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"47.50.169.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822395/; classtype:trojan-activity;sid:83685495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822377)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.101.81.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822377/; classtype:trojan-activity;sid:83685477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822383)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.40.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822383/; classtype:trojan-activity;sid:83685483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822384)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822384/; classtype:trojan-activity;sid:83685484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822385)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.114.200.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822385/; classtype:trojan-activity;sid:83685485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822372)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.84.212.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822372/; classtype:trojan-activity;sid:83685472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822374)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.100.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822374/; classtype:trojan-activity;sid:83685474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822376)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.147.120.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822376/; classtype:trojan-activity;sid:83685476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822367)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.244.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822367/; classtype:trojan-activity;sid:83685467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822356)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.143.133.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822356/; classtype:trojan-activity;sid:83685456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822358)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.190.76.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822358/; classtype:trojan-activity;sid:83685458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822362)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822362/; classtype:trojan-activity;sid:83685462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822363)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.176.113.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822363/; classtype:trojan-activity;sid:83685463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822364)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.211.197.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822364/; classtype:trojan-activity;sid:83685464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822345)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.200.203.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822345/; classtype:trojan-activity;sid:83685445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822337)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.68.95.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822337/; classtype:trojan-activity;sid:83685437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822342)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.111.116.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822342/; classtype:trojan-activity;sid:83685442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822334)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.207.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822334/; classtype:trojan-activity;sid:83685434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822335)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.123.142.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822335/; classtype:trojan-activity;sid:83685435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822327)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.201.160.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822327/; classtype:trojan-activity;sid:83685427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822329)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.193.88.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822329/; classtype:trojan-activity;sid:83685429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822330)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.161.217.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822330/; classtype:trojan-activity;sid:83685430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822325)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.193.62.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822325/; classtype:trojan-activity;sid:83685425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822320)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"108.162.187.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822320/; classtype:trojan-activity;sid:83685420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822321)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.175.42.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822321/; classtype:trojan-activity;sid:83685421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822322)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"83.234.218.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822322/; classtype:trojan-activity;sid:83685422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822323)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.240.37.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822323/; classtype:trojan-activity;sid:83685423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822316)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.73.242.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822316/; classtype:trojan-activity;sid:83685416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822304)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.28.11.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822304/; classtype:trojan-activity;sid:83685404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822308)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"115.245.112.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822308/; classtype:trojan-activity;sid:83685408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822299)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822299/; classtype:trojan-activity;sid:83685399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822300)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.52.48.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822300/; classtype:trojan-activity;sid:83685400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822302)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.73.49.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822302/; classtype:trojan-activity;sid:83685402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822288)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.29.19.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822288/; classtype:trojan-activity;sid:83685388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822294)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"75.136.50.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822294/; classtype:trojan-activity;sid:83685394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822295)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.0.131.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822295/; classtype:trojan-activity;sid:83685395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822284)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"173.235.65.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822284/; classtype:trojan-activity;sid:83685384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822286)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.237.250.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822286/; classtype:trojan-activity;sid:83685386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822287)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.236.46.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822287/; classtype:trojan-activity;sid:83685387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822275)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.131.244.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822275/; classtype:trojan-activity;sid:83685375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822280)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822280/; classtype:trojan-activity;sid:83685380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822272)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"117.120.28.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822272/; classtype:trojan-activity;sid:83685372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822268)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.122.96.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822268/; classtype:trojan-activity;sid:83685368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822263)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.228.64.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822263/; classtype:trojan-activity;sid:83685363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822255)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822255/; classtype:trojan-activity;sid:83685355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822257)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.57.135.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822257/; classtype:trojan-activity;sid:83685357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822259)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.90.207.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822259/; classtype:trojan-activity;sid:83685359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822249)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.215.23.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822249/; classtype:trojan-activity;sid:83685349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822250)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.117.210.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822250/; classtype:trojan-activity;sid:83685350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822253)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.83.245.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822253/; classtype:trojan-activity;sid:83685353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822240)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.28.58.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822240/; classtype:trojan-activity;sid:83685340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822245)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"146.196.120.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822245/; classtype:trojan-activity;sid:83685345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822234)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.193.118.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822234/; classtype:trojan-activity;sid:83685334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822226)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.189.199.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822226/; classtype:trojan-activity;sid:83685326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822227)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.155.64.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822227/; classtype:trojan-activity;sid:83685327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822228)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.17.248.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822228/; classtype:trojan-activity;sid:83685328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822229)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"208.89.168.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822229/; classtype:trojan-activity;sid:83685329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822230)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.254.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822230/; classtype:trojan-activity;sid:83685330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822217)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.36.80.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822217/; classtype:trojan-activity;sid:83685317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822219)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.153.22.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822219/; classtype:trojan-activity;sid:83685319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822210)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.5.52.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822210/; classtype:trojan-activity;sid:83685310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822214)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.217.148.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822214/; classtype:trojan-activity;sid:83685314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822204)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.157.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822204/; classtype:trojan-activity;sid:83685304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822205)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.188.254.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822205/; classtype:trojan-activity;sid:83685305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822208)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.183.186.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822208/; classtype:trojan-activity;sid:83685308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822196)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.40.84.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822196/; classtype:trojan-activity;sid:83685296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822197)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.186.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822197/; classtype:trojan-activity;sid:83685297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822200)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.211.154.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822200/; classtype:trojan-activity;sid:83685300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822194)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.254.192.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822194/; classtype:trojan-activity;sid:83685294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822192)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.255.164.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822192/; classtype:trojan-activity;sid:83685292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822189)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822189/; classtype:trojan-activity;sid:83685289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822190)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822190/; classtype:trojan-activity;sid:83685290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822182)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822182/; classtype:trojan-activity;sid:83685282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822184)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.187.151.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822184/; classtype:trojan-activity;sid:83685284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822173)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822173/; classtype:trojan-activity;sid:83685273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822178)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.60.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822178/; classtype:trojan-activity;sid:83685278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822181)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.241.19.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822181/; classtype:trojan-activity;sid:83685281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822161)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.159.4.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822161/; classtype:trojan-activity;sid:83685261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822162)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.62.233.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822162/; classtype:trojan-activity;sid:83685262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822163)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"180.250.160.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822163/; classtype:trojan-activity;sid:83685263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822165)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.186.82.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822165/; classtype:trojan-activity;sid:83685265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822167)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822167/; classtype:trojan-activity;sid:83685267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822169)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.34.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822169/; classtype:trojan-activity;sid:83685269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822170)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.93.219.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822170/; classtype:trojan-activity;sid:83685270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822153)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.52.86.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822153/; classtype:trojan-activity;sid:83685253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822155)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.18.223.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822155/; classtype:trojan-activity;sid:83685255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822149)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.129.2.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822149/; classtype:trojan-activity;sid:83685249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822151)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.218.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822151/; classtype:trojan-activity;sid:83685251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822142)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.44.110.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822142/; classtype:trojan-activity;sid:83685242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822144)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"102.0.4.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822144/; classtype:trojan-activity;sid:83685244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822140)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.211.8.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822140/; classtype:trojan-activity;sid:83685240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822141)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"102.141.234.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822141/; classtype:trojan-activity;sid:83685241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822129)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.107.205.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822129/; classtype:trojan-activity;sid:83685229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822131)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.162.141.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822131/; classtype:trojan-activity;sid:83685231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822132)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822132/; classtype:trojan-activity;sid:83685232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822133)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.154.84.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822133/; classtype:trojan-activity;sid:83685233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822134)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.89.240.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822134/; classtype:trojan-activity;sid:83685234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822125)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.17.23.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822125/; classtype:trojan-activity;sid:83685225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822127)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.200.63.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822127/; classtype:trojan-activity;sid:83685227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822117)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.7.20.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822117/; classtype:trojan-activity;sid:83685217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822121)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822121/; classtype:trojan-activity;sid:83685221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822123)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822123/; classtype:trojan-activity;sid:83685223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822100)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"83.147.93.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822100/; classtype:trojan-activity;sid:83685200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822102)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822102/; classtype:trojan-activity;sid:83685202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822107)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822107/; classtype:trojan-activity;sid:83685207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822083)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.162.70.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822083/; classtype:trojan-activity;sid:83685183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822084)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.20.51.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822084/; classtype:trojan-activity;sid:83685184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822091)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.62.179.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822091/; classtype:trojan-activity;sid:83685191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822092)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.70.204.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822092/; classtype:trojan-activity;sid:83685192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822073)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.121.161.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822073/; classtype:trojan-activity;sid:83685173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822077)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.4.44.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822077/; classtype:trojan-activity;sid:83685177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822066)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.173.163.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822066/; classtype:trojan-activity;sid:83685166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822067)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.203.218.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822067/; classtype:trojan-activity;sid:83685167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822072)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"174.78.254.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822072/; classtype:trojan-activity;sid:83685172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822063)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.221.254.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822063/; classtype:trojan-activity;sid:83685163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822064)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822064/; classtype:trojan-activity;sid:83685164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822058)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.137.36.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822058/; classtype:trojan-activity;sid:83685158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822054)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.0.129.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822054/; classtype:trojan-activity;sid:83685154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822048)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.73.121.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822048/; classtype:trojan-activity;sid:83685148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822052)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.69.88.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822052/; classtype:trojan-activity;sid:83685152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822042)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.113.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822042/; classtype:trojan-activity;sid:83685142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822044)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822044/; classtype:trojan-activity;sid:83685144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822047)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.29.249.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822047/; classtype:trojan-activity;sid:83685147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822035)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.208.145.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822035/; classtype:trojan-activity;sid:83685135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822039)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.48.119.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822039/; classtype:trojan-activity;sid:83685139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822041)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.115.103.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822041/; classtype:trojan-activity;sid:83685141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822024)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.4.147.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822024/; classtype:trojan-activity;sid:83685124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822025)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"216.188.216.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822025/; classtype:trojan-activity;sid:83685125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822027)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.100.241.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822027/; classtype:trojan-activity;sid:83685127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822017)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.194.25.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822017/; classtype:trojan-activity;sid:83685117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822018)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.192.78.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822018/; classtype:trojan-activity;sid:83685118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822019)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.73.244.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822019/; classtype:trojan-activity;sid:83685119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822013)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"69.70.215.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822013/; classtype:trojan-activity;sid:83685113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822014)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822014/; classtype:trojan-activity;sid:83685114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822011)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.237.157.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822011/; classtype:trojan-activity;sid:83685111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822007)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.122.211.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822007/; classtype:trojan-activity;sid:83685107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822008)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.205.131.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822008/; classtype:trojan-activity;sid:83685108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821996)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.230.158.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821996/; classtype:trojan-activity;sid:83685096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822003)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"86.38.171.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822003/; classtype:trojan-activity;sid:83685103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822004)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822004/; classtype:trojan-activity;sid:83685104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822006)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822006/; classtype:trojan-activity;sid:83685106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821981)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.83.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821981/; classtype:trojan-activity;sid:83685081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821976)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821976/; classtype:trojan-activity;sid:83685076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821977)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821977/; classtype:trojan-activity;sid:83685077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821980)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.32.86.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821980/; classtype:trojan-activity;sid:83685080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821969)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.34.22.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821969/; classtype:trojan-activity;sid:83685069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821961)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.93.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821961/; classtype:trojan-activity;sid:83685061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821959)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821959/; classtype:trojan-activity;sid:83685059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821960)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.133.95.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821960/; classtype:trojan-activity;sid:83685060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821952)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.139.153.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821952/; classtype:trojan-activity;sid:83685052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821953)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.231.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821953/; classtype:trojan-activity;sid:83685053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821942)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821942/; classtype:trojan-activity;sid:83685042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821949)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.0.129.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821949/; classtype:trojan-activity;sid:83685049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821928)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.109.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821928/; classtype:trojan-activity;sid:83685028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821930)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.16.143.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821930/; classtype:trojan-activity;sid:83685030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821931)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.2.23.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821931/; classtype:trojan-activity;sid:83685031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821934)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.53.164.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821934/; classtype:trojan-activity;sid:83685034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821939)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.193.59.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821939/; classtype:trojan-activity;sid:83685039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821926)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"210.4.69.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821926/; classtype:trojan-activity;sid:83685026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821917)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.195.191.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821917/; classtype:trojan-activity;sid:83685017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821918)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.126.195.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821918/; classtype:trojan-activity;sid:83685018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821915)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.43.228.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821915/; classtype:trojan-activity;sid:83685015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821911)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"120.50.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821911/; classtype:trojan-activity;sid:83685011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.10.211.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821858/; classtype:trojan-activity;sid:83684958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.43.228.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821854/; classtype:trojan-activity;sid:83684954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.114.137.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821850/; classtype:trojan-activity;sid:83684950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.182.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821851/; classtype:trojan-activity;sid:83684951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.211.153.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821839/; classtype:trojan-activity;sid:83684939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.59.90.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821840/; classtype:trojan-activity;sid:83684940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.162.70.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821844/; classtype:trojan-activity;sid:83684944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.183.186.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821834/; classtype:trojan-activity;sid:83684934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821836/; classtype:trojan-activity;sid:83684936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.155.64.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821838/; classtype:trojan-activity;sid:83684938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.148.20.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821829/; classtype:trojan-activity;sid:83684929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.196.120.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821825/; classtype:trojan-activity;sid:83684925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.190.57.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821826/; classtype:trojan-activity;sid:83684926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.0.131.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821818/; classtype:trojan-activity;sid:83684918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.218.50.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821819/; classtype:trojan-activity;sid:83684919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.195.191.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821821/; classtype:trojan-activity;sid:83684921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.129.2.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821811/; classtype:trojan-activity;sid:83684911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.77.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821813/; classtype:trojan-activity;sid:83684913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.0.129.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821806/; classtype:trojan-activity;sid:83684906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.41.63.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821800/; classtype:trojan-activity;sid:83684900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.193.62.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821801/; classtype:trojan-activity;sid:83684901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821802/; classtype:trojan-activity;sid:83684902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.185.119.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821804/; classtype:trojan-activity;sid:83684904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.147.120.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821793/; classtype:trojan-activity;sid:83684893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.187.149.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821794/; classtype:trojan-activity;sid:83684894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.7.20.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821789/; classtype:trojan-activity;sid:83684889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"75.136.50.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821790/; classtype:trojan-activity;sid:83684890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.149.127.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821783/; classtype:trojan-activity;sid:83684883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.201.160.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821784/; classtype:trojan-activity;sid:83684884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.175.134.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821776/; classtype:trojan-activity;sid:83684876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.236.46.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821772/; classtype:trojan-activity;sid:83684872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.34.20.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821770/; classtype:trojan-activity;sid:83684870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.124.33.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821764/; classtype:trojan-activity;sid:83684864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.96.214.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821759/; classtype:trojan-activity;sid:83684859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.2.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821762/; classtype:trojan-activity;sid:83684862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"173.235.65.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821753/; classtype:trojan-activity;sid:83684853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821754/; classtype:trojan-activity;sid:83684854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.211.252.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821755/; classtype:trojan-activity;sid:83684855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.2.23.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821747/; classtype:trojan-activity;sid:83684847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.18.223.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821751/; classtype:trojan-activity;sid:83684851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.151.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821740/; classtype:trojan-activity;sid:83684840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.205.131.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821743/; classtype:trojan-activity;sid:83684843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.126.195.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821744/; classtype:trojan-activity;sid:83684844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.104.195.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821745/; classtype:trojan-activity;sid:83684845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.4.44.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821735/; classtype:trojan-activity;sid:83684835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821737/; classtype:trojan-activity;sid:83684837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.150.253.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821738/; classtype:trojan-activity;sid:83684838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.53.164.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821729/; classtype:trojan-activity;sid:83684829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.57.135.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821730/; classtype:trojan-activity;sid:83684830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.154.187.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821732/; classtype:trojan-activity;sid:83684832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.59.133.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821734/; classtype:trojan-activity;sid:83684834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.159.4.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821721/; classtype:trojan-activity;sid:83684821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.5.19.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821722/; classtype:trojan-activity;sid:83684822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.115.103.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821723/; classtype:trojan-activity;sid:83684823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"147.91.249.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821726/; classtype:trojan-activity;sid:83684826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.117.210.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821710/; classtype:trojan-activity;sid:83684810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821711/; classtype:trojan-activity;sid:83684811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.93.245.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821703/; classtype:trojan-activity;sid:83684803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.246.177.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821690/; classtype:trojan-activity;sid:83684790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.159.0.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821692/; classtype:trojan-activity;sid:83684792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.50.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821693/; classtype:trojan-activity;sid:83684793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.106.58.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821697/; classtype:trojan-activity;sid:83684797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.186.82.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821699/; classtype:trojan-activity;sid:83684799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.224.243.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821700/; classtype:trojan-activity;sid:83684800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.63.242.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821679/; classtype:trojan-activity;sid:83684779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.86.123.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821685/; classtype:trojan-activity;sid:83684785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.0.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821689/; classtype:trojan-activity;sid:83684789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.0.129.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821676/; classtype:trojan-activity;sid:83684776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.184.231.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821677/; classtype:trojan-activity;sid:83684777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.190.109.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821678/; classtype:trojan-activity;sid:83684778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.129.147.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821673/; classtype:trojan-activity;sid:83684773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.22.237.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821669/; classtype:trojan-activity;sid:83684769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.137.36.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821670/; classtype:trojan-activity;sid:83684770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821660/; classtype:trojan-activity;sid:83684760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821657/; classtype:trojan-activity;sid:83684757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.109.201.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821659/; classtype:trojan-activity;sid:83684759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.99.230.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821653/; classtype:trojan-activity;sid:83684753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.248.145.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821654/; classtype:trojan-activity;sid:83684754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.252.66.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821646/; classtype:trojan-activity;sid:83684746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.193.59.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821639/; classtype:trojan-activity;sid:83684739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821629/; classtype:trojan-activity;sid:83684729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.94.245.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821633/; classtype:trojan-activity;sid:83684733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.201.160.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821637/; classtype:trojan-activity;sid:83684737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821619/; classtype:trojan-activity;sid:83684719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.207.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821622/; classtype:trojan-activity;sid:83684722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.237.250.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821625/; classtype:trojan-activity;sid:83684725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821616/; classtype:trojan-activity;sid:83684716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.208.56.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821617/; classtype:trojan-activity;sid:83684717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.128.231.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821618/; classtype:trojan-activity;sid:83684718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.16.143.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821611/; classtype:trojan-activity;sid:83684711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.92.222.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821613/; classtype:trojan-activity;sid:83684713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.211.154.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821609/; classtype:trojan-activity;sid:83684709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821597/; classtype:trojan-activity;sid:83684697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.68.95.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821599/; classtype:trojan-activity;sid:83684699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.42.98.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821603/; classtype:trojan-activity;sid:83684703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.196.120.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821594/; classtype:trojan-activity;sid:83684694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.134.42.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821595/; classtype:trojan-activity;sid:83684695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.101.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821580/; classtype:trojan-activity;sid:83684680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.52.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820656/; classtype:trojan-activity;sid:83683756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.5.52.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820657/; classtype:trojan-activity;sid:83683757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.218.152.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820658/; classtype:trojan-activity;sid:83683758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.200.63.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818999/; classtype:trojan-activity;sid:83682099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.224.100.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818993/; classtype:trojan-activity;sid:83682093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.52.86.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818988/; classtype:trojan-activity;sid:83682088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.241.19.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818986/; classtype:trojan-activity;sid:83682086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.30.245.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818987/; classtype:trojan-activity;sid:83682087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818983/; classtype:trojan-activity;sid:83682083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.254.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818984/; classtype:trojan-activity;sid:83682084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.38.24.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818967/; classtype:trojan-activity;sid:83682067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.71.250.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818974/; classtype:trojan-activity;sid:83682074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.140.32.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818975/; classtype:trojan-activity;sid:83682075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818963/; classtype:trojan-activity;sid:83682063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.141.234.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818965/; classtype:trojan-activity;sid:83682065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.114.191.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818966/; classtype:trojan-activity;sid:83682066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.167.25.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818948/; classtype:trojan-activity;sid:83682048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.119.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818942/; classtype:trojan-activity;sid:83682042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.182.214.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818943/; classtype:trojan-activity;sid:83682043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.137.36.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818930/; classtype:trojan-activity;sid:83682030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818931/; classtype:trojan-activity;sid:83682031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.207.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818939/; classtype:trojan-activity;sid:83682039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.135.142.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818940/; classtype:trojan-activity;sid:83682040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.41.225.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818915/; classtype:trojan-activity;sid:83682015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818917/; classtype:trojan-activity;sid:83682017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.143.133.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818920/; classtype:trojan-activity;sid:83682020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.78.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818911/; classtype:trojan-activity;sid:83682011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.73.244.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818912/; classtype:trojan-activity;sid:83682012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.73.49.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818905/; classtype:trojan-activity;sid:83682005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.254.192.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818906/; classtype:trojan-activity;sid:83682006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.202.49.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818899/; classtype:trojan-activity;sid:83681999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.133.95.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818884/; classtype:trojan-activity;sid:83681984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.193.21.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818887/; classtype:trojan-activity;sid:83681987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818881/; classtype:trojan-activity;sid:83681981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.111.182.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818876/; classtype:trojan-activity;sid:83681976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.232.188.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818877/; classtype:trojan-activity;sid:83681977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.120.28.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818878/; classtype:trojan-activity;sid:83681978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.215.23.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818865/; classtype:trojan-activity;sid:83681965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.31.28.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818864/; classtype:trojan-activity;sid:83681964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.40.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818853/; classtype:trojan-activity;sid:83681953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.187.36.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818851/; classtype:trojan-activity;sid:83681951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818838/; classtype:trojan-activity;sid:83681938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818843/; classtype:trojan-activity;sid:83681943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.176.113.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818832/; classtype:trojan-activity;sid:83681932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.102.177.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818823/; classtype:trojan-activity;sid:83681923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"136.169.119.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818826/; classtype:trojan-activity;sid:83681926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.86.199.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818814/; classtype:trojan-activity;sid:83681914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.216.69.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818820/; classtype:trojan-activity;sid:83681920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"139.60.191.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818821/; classtype:trojan-activity;sid:83681921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.161.217.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818797/; classtype:trojan-activity;sid:83681897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818798/; classtype:trojan-activity;sid:83681898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.40.84.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818800/; classtype:trojan-activity;sid:83681900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.62.233.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818804/; classtype:trojan-activity;sid:83681904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.153.20.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818806/; classtype:trojan-activity;sid:83681906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.162.187.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818807/; classtype:trojan-activity;sid:83681907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818777/; classtype:trojan-activity;sid:83681877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.114.200.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818778/; classtype:trojan-activity;sid:83681878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.203.218.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818772/; classtype:trojan-activity;sid:83681872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.83.245.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818768/; classtype:trojan-activity;sid:83681868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.180.35.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818758/; classtype:trojan-activity;sid:83681858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.69.219.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818271/; classtype:trojan-activity;sid:83681371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.105.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818240/; classtype:trojan-activity;sid:83681340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.231.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818237/; classtype:trojan-activity;sid:83681337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.251.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818229/; classtype:trojan-activity;sid:83681329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.150.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818227/; classtype:trojan-activity;sid:83681327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818228/; classtype:trojan-activity;sid:83681328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.93.219.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818223/; classtype:trojan-activity;sid:83681323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817357)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1w6j0xeptoliyrblijhnxbm_qnnoptzfw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817357/; classtype:trojan-activity;sid:83680457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817239)"; flow:established,from_client; content:"GET"; http_method; content:"/pbhhdf/12/raw/main/keepvid-pro_full2578.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817239/; classtype:trojan-activity;sid:83680339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817148)"; flow:established,from_client; content:"GET"; http_method; content:"/coolismoney/laughing-octo-tribble/releases/download/v2/crazycore.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817148/; classtype:trojan-activity;sid:83680248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.52.48.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814130/; classtype:trojan-activity;sid:83677230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.162.141.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814129/; classtype:trojan-activity;sid:83677229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814127/; classtype:trojan-activity;sid:83677227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.250.160.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814128/; classtype:trojan-activity;sid:83677228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.193.88.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814125/; classtype:trojan-activity;sid:83677225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.228.134.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814116/; classtype:trojan-activity;sid:83677216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.71.46.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814117/; classtype:trojan-activity;sid:83677217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.113.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814122/; classtype:trojan-activity;sid:83677222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814108/; classtype:trojan-activity;sid:83677208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.133.214.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814109/; classtype:trojan-activity;sid:83677209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.123.142.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814100/; classtype:trojan-activity;sid:83677200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.76.195.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814103/; classtype:trojan-activity;sid:83677203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.126.186.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814105/; classtype:trojan-activity;sid:83677205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.231.226.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814093/; classtype:trojan-activity;sid:83677193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.128.195.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814095/; classtype:trojan-activity;sid:83677195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.254.173.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814087/; classtype:trojan-activity;sid:83677187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.22.48.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814080/; classtype:trojan-activity;sid:83677180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.34.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814082/; classtype:trojan-activity;sid:83677182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.67.115.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813793/; classtype:trojan-activity;sid:83676893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813151/; classtype:trojan-activity;sid:83676251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.153.22.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813148/; classtype:trojan-activity;sid:83676248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.28.123.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813150/; classtype:trojan-activity;sid:83676250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.218.249.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813140/; classtype:trojan-activity;sid:83676240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.30.85.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813143/; classtype:trojan-activity;sid:83676243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.253.154.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813147/; classtype:trojan-activity;sid:83676247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813137/; classtype:trojan-activity;sid:83676237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.144.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813133/; classtype:trojan-activity;sid:83676233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.100.50.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813128/; classtype:trojan-activity;sid:83676228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.198.242.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813129/; classtype:trojan-activity;sid:83676229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.157.219.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813130/; classtype:trojan-activity;sid:83676230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.249.140.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813132/; classtype:trojan-activity;sid:83676232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.248.81.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813122/; classtype:trojan-activity;sid:83676222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.188.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813118/; classtype:trojan-activity;sid:83676218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813107/; classtype:trojan-activity;sid:83676207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.165.209.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813108/; classtype:trojan-activity;sid:83676208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.141.135.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813098/; classtype:trojan-activity;sid:83676198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813100/; classtype:trojan-activity;sid:83676200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813101/; classtype:trojan-activity;sid:83676201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.142.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813103/; classtype:trojan-activity;sid:83676203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.29.249.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813084/; classtype:trojan-activity;sid:83676184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.39.242.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813081/; classtype:trojan-activity;sid:83676181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.249.52.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813070/; classtype:trojan-activity;sid:83676170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813072/; classtype:trojan-activity;sid:83676172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.228.64.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813057/; classtype:trojan-activity;sid:83676157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.77.74.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813060/; classtype:trojan-activity;sid:83676160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.189.125.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813064/; classtype:trojan-activity;sid:83676164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.109.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813048/; classtype:trojan-activity;sid:83676148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"144.48.169.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813051/; classtype:trojan-activity;sid:83676151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.244.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813052/; classtype:trojan-activity;sid:83676152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.230.153.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813037/; classtype:trojan-activity;sid:83676137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813039/; classtype:trojan-activity;sid:83676139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.70.204.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813040/; classtype:trojan-activity;sid:83676140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.21.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813041/; classtype:trojan-activity;sid:83676141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.29.137.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813029/; classtype:trojan-activity;sid:83676129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.69.79.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809237/; classtype:trojan-activity;sid:83672337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.255.164.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809236/; classtype:trojan-activity;sid:83672336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.239.105.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809231/; classtype:trojan-activity;sid:83672331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.175.223.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809227/; classtype:trojan-activity;sid:83672327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.211.197.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809228/; classtype:trojan-activity;sid:83672328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.81.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809223/; classtype:trojan-activity;sid:83672323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.100.241.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809224/; classtype:trojan-activity;sid:83672324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.60.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809225/; classtype:trojan-activity;sid:83672325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809226/; classtype:trojan-activity;sid:83672326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.9.192.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809221/; classtype:trojan-activity;sid:83672321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.211.8.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809208/; classtype:trojan-activity;sid:83672308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.93.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809209/; classtype:trojan-activity;sid:83672309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.95.186.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809204/; classtype:trojan-activity;sid:83672304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.4.124.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809202/; classtype:trojan-activity;sid:83672302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.122.96.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809203/; classtype:trojan-activity;sid:83672303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.71.69.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809190/; classtype:trojan-activity;sid:83672290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.89.188.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809193/; classtype:trojan-activity;sid:83672293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.114.109.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809182/; classtype:trojan-activity;sid:83672282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.254.223.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809184/; classtype:trojan-activity;sid:83672284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.193.118.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809187/; classtype:trojan-activity;sid:83672287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.54.121.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809177/; classtype:trojan-activity;sid:83672277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.215.61.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809173/; classtype:trojan-activity;sid:83672273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.119.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809175/; classtype:trojan-activity;sid:83672275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.99.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809171/; classtype:trojan-activity;sid:83672271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.65.45.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809167/; classtype:trojan-activity;sid:83672267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809162/; classtype:trojan-activity;sid:83672262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.42.201.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809158/; classtype:trojan-activity;sid:83672258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.101.191.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809160/; classtype:trojan-activity;sid:83672260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.34.22.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809142/; classtype:trojan-activity;sid:83672242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"208.89.168.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809146/; classtype:trojan-activity;sid:83672246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.65.15.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809149/; classtype:trojan-activity;sid:83672249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809136/; classtype:trojan-activity;sid:83672236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.98.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809139/; classtype:trojan-activity;sid:83672239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.53.164.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809140/; classtype:trojan-activity;sid:83672240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809130/; classtype:trojan-activity;sid:83672230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809132/; classtype:trojan-activity;sid:83672232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809135/; classtype:trojan-activity;sid:83672235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.32.86.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809128/; classtype:trojan-activity;sid:83672228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809123/; classtype:trojan-activity;sid:83672223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.94.29.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809115/; classtype:trojan-activity;sid:83672215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.38.60.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809116/; classtype:trojan-activity;sid:83672216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.193.120.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809117/; classtype:trojan-activity;sid:83672217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.83.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809120/; classtype:trojan-activity;sid:83672220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.50.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809107/; classtype:trojan-activity;sid:83672207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.120.211.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809108/; classtype:trojan-activity;sid:83672208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.214.56.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809112/; classtype:trojan-activity;sid:83672212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.43.201.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809113/; classtype:trojan-activity;sid:83672213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.7.153.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809105/; classtype:trojan-activity;sid:83672205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.155.192.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809106/; classtype:trojan-activity;sid:83672206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.42.121.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809100/; classtype:trojan-activity;sid:83672200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.200.63.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809084/; classtype:trojan-activity;sid:83672184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.165.112.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809088/; classtype:trojan-activity;sid:83672188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809089/; classtype:trojan-activity;sid:83672189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.200.72.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809091/; classtype:trojan-activity;sid:83672191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.28.58.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809073/; classtype:trojan-activity;sid:83672173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.248.56.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809077/; classtype:trojan-activity;sid:83672177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.240.37.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809056/; classtype:trojan-activity;sid:83672156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.222.45.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809054/; classtype:trojan-activity;sid:83672154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.36.80.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809010/; classtype:trojan-activity;sid:83672110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.29.19.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809011/; classtype:trojan-activity;sid:83672111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.100.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809006/; classtype:trojan-activity;sid:83672106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"141.105.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808999/; classtype:trojan-activity;sid:83672099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.28.11.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808985/; classtype:trojan-activity;sid:83672085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.228.135.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808986/; classtype:trojan-activity;sid:83672086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.61.246.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808980/; classtype:trojan-activity;sid:83672080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.154.131.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808981/; classtype:trojan-activity;sid:83672081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.237.157.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808972/; classtype:trojan-activity;sid:83672072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.19.174.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808973/; classtype:trojan-activity;sid:83672073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.170.251.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808962/; classtype:trojan-activity;sid:83672062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.69.88.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808963/; classtype:trojan-activity;sid:83672063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.210.50.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808966/; classtype:trojan-activity;sid:83672066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.57.33.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808967/; classtype:trojan-activity;sid:83672067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.105.79.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808968/; classtype:trojan-activity;sid:83672068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.192.78.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808970/; classtype:trojan-activity;sid:83672070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.157.212.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808957/; classtype:trojan-activity;sid:83672057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.4.147.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808951/; classtype:trojan-activity;sid:83672051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808948/; classtype:trojan-activity;sid:83672048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808947/; classtype:trojan-activity;sid:83672047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.121.161.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808946/; classtype:trojan-activity;sid:83672046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.245.112.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808929/; classtype:trojan-activity;sid:83672029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.208.145.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808931/; classtype:trojan-activity;sid:83672031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.101.81.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808933/; classtype:trojan-activity;sid:83672033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.227.118.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808935/; classtype:trojan-activity;sid:83672035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.18.223.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808936/; classtype:trojan-activity;sid:83672036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.234.203.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808937/; classtype:trojan-activity;sid:83672037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.188.254.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808939/; classtype:trojan-activity;sid:83672039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808924/; classtype:trojan-activity;sid:83672024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808928/; classtype:trojan-activity;sid:83672028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"69.70.215.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808917/; classtype:trojan-activity;sid:83672017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.50.7.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808918/; classtype:trojan-activity;sid:83672018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.151.29.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808906/; classtype:trojan-activity;sid:83672006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.84.212.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808907/; classtype:trojan-activity;sid:83672007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.188.215.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808909/; classtype:trojan-activity;sid:83672009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.154.135.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808910/; classtype:trojan-activity;sid:83672010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.74.128.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808911/; classtype:trojan-activity;sid:83672011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.189.199.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808912/; classtype:trojan-activity;sid:83672012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.20.122.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808895/; classtype:trojan-activity;sid:83671995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.64.96.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808900/; classtype:trojan-activity;sid:83672000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.6.101.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808886/; classtype:trojan-activity;sid:83671986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.144.235.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808882/; classtype:trojan-activity;sid:83671982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808883/; classtype:trojan-activity;sid:83671983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.48.119.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808880/; classtype:trojan-activity;sid:83671980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.61.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808876/; classtype:trojan-activity;sid:83671976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.201.25.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808872/; classtype:trojan-activity;sid:83671972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.16.75.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808873/; classtype:trojan-activity;sid:83671973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.218.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808875/; classtype:trojan-activity;sid:83671975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.52.164.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808870/; classtype:trojan-activity;sid:83671970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.78.118.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808861/; classtype:trojan-activity;sid:83671961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.42.113.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808850/; classtype:trojan-activity;sid:83671950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.11.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808851/; classtype:trojan-activity;sid:83671951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.204.177.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808852/; classtype:trojan-activity;sid:83671952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.44.110.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808854/; classtype:trojan-activity;sid:83671954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808842/; classtype:trojan-activity;sid:83671942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.4.110.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808832/; classtype:trojan-activity;sid:83671932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.60.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808836/; classtype:trojan-activity;sid:83671936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808823/; classtype:trojan-activity;sid:83671923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.189.172.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808826/; classtype:trojan-activity;sid:83671926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.177.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808827/; classtype:trojan-activity;sid:83671927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"174.78.254.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808829/; classtype:trojan-activity;sid:83671929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.112.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808820/; classtype:trojan-activity;sid:83671920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.154.93.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808814/; classtype:trojan-activity;sid:83671914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.187.151.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808809/; classtype:trojan-activity;sid:83671909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.81.127.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808802/; classtype:trojan-activity;sid:83671902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808792/; classtype:trojan-activity;sid:83671892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.164.252.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808793/; classtype:trojan-activity;sid:83671893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.122.211.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808794/; classtype:trojan-activity;sid:83671894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.107.205.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808795/; classtype:trojan-activity;sid:83671895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.20.51.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808797/; classtype:trojan-activity;sid:83671897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.217.148.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808798/; classtype:trojan-activity;sid:83671898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.170.48.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808787/; classtype:trojan-activity;sid:83671887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.173.163.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808778/; classtype:trojan-activity;sid:83671878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.43.34.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808770/; classtype:trojan-activity;sid:83671870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.165.79.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808771/; classtype:trojan-activity;sid:83671871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"153.152.44.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808766/; classtype:trojan-activity;sid:83671866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.139.153.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808767/; classtype:trojan-activity;sid:83671867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.183.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808756/; classtype:trojan-activity;sid:83671856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.157.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808758/; classtype:trojan-activity;sid:83671858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.17.23.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808754/; classtype:trojan-activity;sid:83671854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.175.42.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808746/; classtype:trojan-activity;sid:83671846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.147.93.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808748/; classtype:trojan-activity;sid:83671848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.120.98.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808751/; classtype:trojan-activity;sid:83671851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.214.241.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808734/; classtype:trojan-activity;sid:83671834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.111.116.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808735/; classtype:trojan-activity;sid:83671835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808737/; classtype:trojan-activity;sid:83671837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.71.191.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808738/; classtype:trojan-activity;sid:83671838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.197.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808739/; classtype:trojan-activity;sid:83671839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.17.248.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808708/; classtype:trojan-activity;sid:83671808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808710/; classtype:trojan-activity;sid:83671810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.62.179.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808715/; classtype:trojan-activity;sid:83671815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.73.121.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808716/; classtype:trojan-activity;sid:83671816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808717/; classtype:trojan-activity;sid:83671817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.176.7.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808701/; classtype:trojan-activity;sid:83671801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.34.7.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808652/; classtype:trojan-activity;sid:83671752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.131.244.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808644/; classtype:trojan-activity;sid:83671744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.60.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808636/; classtype:trojan-activity;sid:83671736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.28.58.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808631/; classtype:trojan-activity;sid:83671731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.176.137.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808630/; classtype:trojan-activity;sid:83671730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.4.69.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808616/; classtype:trojan-activity;sid:83671716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.6.74.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808610/; classtype:trojan-activity;sid:83671710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.218.152.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808603/; classtype:trojan-activity;sid:83671703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.80.244.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808594/; classtype:trojan-activity;sid:83671694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808599/; classtype:trojan-activity;sid:83671699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.69.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808575/; classtype:trojan-activity;sid:83671675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.1.157.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808564/; classtype:trojan-activity;sid:83671664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.73.242.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808563/; classtype:trojan-activity;sid:83671663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.0.4.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808561/; classtype:trojan-activity;sid:83671661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808562/; classtype:trojan-activity;sid:83671662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.186.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808560/; classtype:trojan-activity;sid:83671660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.142.114.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808540/; classtype:trojan-activity;sid:83671640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.70.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808542/; classtype:trojan-activity;sid:83671642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.189.222.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808545/; classtype:trojan-activity;sid:83671645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.180.9.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808551/; classtype:trojan-activity;sid:83671651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.87.5.2"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808533/; classtype:trojan-activity;sid:83671633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.50.7.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808528/; classtype:trojan-activity;sid:83671628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.191.218.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808521/; classtype:trojan-activity;sid:83671621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.140.176.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808522/; classtype:trojan-activity;sid:83671622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.171.80.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808524/; classtype:trojan-activity;sid:83671624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.244.112.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808511/; classtype:trojan-activity;sid:83671611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808515/; classtype:trojan-activity;sid:83671615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808504/; classtype:trojan-activity;sid:83671604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.139.249.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808496/; classtype:trojan-activity;sid:83671596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.207.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808492/; classtype:trojan-activity;sid:83671592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.19.172.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808485/; classtype:trojan-activity;sid:83671585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.68.161.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808482/; classtype:trojan-activity;sid:83671582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.69.88.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808475/; classtype:trojan-activity;sid:83671575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.42.243.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808478/; classtype:trojan-activity;sid:83671578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808467/; classtype:trojan-activity;sid:83671567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.78.215.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808468/; classtype:trojan-activity;sid:83671568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.105.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808470/; classtype:trojan-activity;sid:83671570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.36.68.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808474/; classtype:trojan-activity;sid:83671574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.154.84.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808459/; classtype:trojan-activity;sid:83671559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.234.218.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808447/; classtype:trojan-activity;sid:83671547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808448/; classtype:trojan-activity;sid:83671548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.200.203.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808432/; classtype:trojan-activity;sid:83671532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.25.214.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808442/; classtype:trojan-activity;sid:83671542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.0.136.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808443/; classtype:trojan-activity;sid:83671543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.156.46.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808445/; classtype:trojan-activity;sid:83671545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.213.157.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808423/; classtype:trojan-activity;sid:83671523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.89.199.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808424/; classtype:trojan-activity;sid:83671524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.116.68.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808427/; classtype:trojan-activity;sid:83671527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.73.70.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808430/; classtype:trojan-activity;sid:83671530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.209.255.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808413/; classtype:trojan-activity;sid:83671513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.119.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808416/; classtype:trojan-activity;sid:83671516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.216.28.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808418/; classtype:trojan-activity;sid:83671518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.194.25.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808420/; classtype:trojan-activity;sid:83671520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.249.54.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808421/; classtype:trojan-activity;sid:83671521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.221.254.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808406/; classtype:trojan-activity;sid:83671506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.171.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808408/; classtype:trojan-activity;sid:83671508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.195.100.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808400/; classtype:trojan-activity;sid:83671500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.50.169.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808390/; classtype:trojan-activity;sid:83671490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.240.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808396/; classtype:trojan-activity;sid:83671496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.57.121.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808397/; classtype:trojan-activity;sid:83671497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.182.214.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808376/; classtype:trojan-activity;sid:83671476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.230.158.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808380/; classtype:trojan-activity;sid:83671480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.190.76.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808383/; classtype:trojan-activity;sid:83671483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.38.171.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808388/; classtype:trojan-activity;sid:83671488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.80.242.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808369/; classtype:trojan-activity;sid:83671469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.72.39.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808371/; classtype:trojan-activity;sid:83671471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808373/; classtype:trojan-activity;sid:83671473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"98.103.171.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808374/; classtype:trojan-activity;sid:83671474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.114.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808366/; classtype:trojan-activity;sid:83671466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808309)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808309/; classtype:trojan-activity;sid:83671409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808300)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808300/; classtype:trojan-activity;sid:83671400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808303)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808303/; classtype:trojan-activity;sid:83671403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808304/; classtype:trojan-activity;sid:83671404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808306)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.70.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808306/; classtype:trojan-activity;sid:83671406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808307)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808307/; classtype:trojan-activity;sid:83671407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808308)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.141.234.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808308/; classtype:trojan-activity;sid:83671408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808284/; classtype:trojan-activity;sid:83671384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808287/; classtype:trojan-activity;sid:83671387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808289)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.78.215.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808289/; classtype:trojan-activity;sid:83671389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808291)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808291/; classtype:trojan-activity;sid:83671391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808281)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808281/; classtype:trojan-activity;sid:83671381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808271)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808271/; classtype:trojan-activity;sid:83671371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808273)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.141.234.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808273/; classtype:trojan-activity;sid:83671373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808274)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808274/; classtype:trojan-activity;sid:83671374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808275)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808275/; classtype:trojan-activity;sid:83671375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808276)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808276/; classtype:trojan-activity;sid:83671376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808277)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808277/; classtype:trojan-activity;sid:83671377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808278)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808278/; classtype:trojan-activity;sid:83671378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808279)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808279/; classtype:trojan-activity;sid:83671379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808280)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808280/; classtype:trojan-activity;sid:83671380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808264)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808264/; classtype:trojan-activity;sid:83671364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808231)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808231/; classtype:trojan-activity;sid:83671331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808232)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808232/; classtype:trojan-activity;sid:83671332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.190.70.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808233/; classtype:trojan-activity;sid:83671333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808234)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.141.234.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808234/; classtype:trojan-activity;sid:83671334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808235)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808235/; classtype:trojan-activity;sid:83671335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808236/; classtype:trojan-activity;sid:83671336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808241)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808241/; classtype:trojan-activity;sid:83671341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808242/; classtype:trojan-activity;sid:83671342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808244/; classtype:trojan-activity;sid:83671344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.78.215.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808245/; classtype:trojan-activity;sid:83671345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808247/; classtype:trojan-activity;sid:83671347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808248)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808248/; classtype:trojan-activity;sid:83671348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808249)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808249/; classtype:trojan-activity;sid:83671349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808250)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808250/; classtype:trojan-activity;sid:83671350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808225)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808225/; classtype:trojan-activity;sid:83671325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808226/; classtype:trojan-activity;sid:83671326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808227/; classtype:trojan-activity;sid:83671327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808215)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808215/; classtype:trojan-activity;sid:83671315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808216/; classtype:trojan-activity;sid:83671316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808217)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808217/; classtype:trojan-activity;sid:83671317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808219)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808219/; classtype:trojan-activity;sid:83671319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808221/; classtype:trojan-activity;sid:83671321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808222/; classtype:trojan-activity;sid:83671322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.141.234.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808224/; classtype:trojan-activity;sid:83671324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.78.215.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808199/; classtype:trojan-activity;sid:83671299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808198/; classtype:trojan-activity;sid:83671298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808187/; classtype:trojan-activity;sid:83671287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808189/; classtype:trojan-activity;sid:83671289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.190.70.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808190/; classtype:trojan-activity;sid:83671290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808191/; classtype:trojan-activity;sid:83671291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808193)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808193/; classtype:trojan-activity;sid:83671293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808195/; classtype:trojan-activity;sid:83671295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808196/; classtype:trojan-activity;sid:83671296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.141.234.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808175/; classtype:trojan-activity;sid:83671275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808176/; classtype:trojan-activity;sid:83671276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.141.234.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808177/; classtype:trojan-activity;sid:83671277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808178/; classtype:trojan-activity;sid:83671278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808179/; classtype:trojan-activity;sid:83671279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808183/; classtype:trojan-activity;sid:83671283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808184/; classtype:trojan-activity;sid:83671284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808167/; classtype:trojan-activity;sid:83671267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808168/; classtype:trojan-activity;sid:83671268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808160/; classtype:trojan-activity;sid:83671260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808161/; classtype:trojan-activity;sid:83671261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807492)"; flow:established,from_client; content:"GET"; http_method; content:"/ping"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.57.122.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807492/; classtype:trojan-activity;sid:83670592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807300)"; flow:established,from_client; content:"GET"; http_method; content:"/http.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.93.248.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807300/; classtype:trojan-activity;sid:83670400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806527)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"138.36.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806527/; classtype:trojan-activity;sid:83669627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804806)"; flow:established,from_client; content:"GET"; http_method; content:"/slitaz/sources/packages/c/cross-compiler-armv6l.tar.bz2"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"distro.ibiblio.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804806/; classtype:trojan-activity;sid:83667906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798785)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.209.41.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798785/; classtype:trojan-activity;sid:83661885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798784)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.209.41.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798784/; classtype:trojan-activity;sid:83661884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793603)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1qxwff0k49bjdhwzotirkvqlqhebzgphg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793603/; classtype:trojan-activity;sid:83656703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790578)"; flow:established,from_client; content:"GET"; http_method; content:"/.index/scan.tar"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.216.207.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790578/; classtype:trojan-activity;sid:83653678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789955)"; flow:established,from_client; content:"GET"; http_method; content:"/incoper887/tua/raw/main/build.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_22; reference:url, urlhaus.abuse.ch/url/2789955/; classtype:trojan-activity;sid:83653055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787791)"; flow:established,from_client; content:"GET"; http_method; content:"/ykwsyyt/help/hddrive1095_xinanplug3030_20230619_inno.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"60.22.23.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787791/; classtype:trojan-activity;sid:83650891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787397)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hditwve1kadzeycbldxttxi4mmhddgyp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787397/; classtype:trojan-activity;sid:83650497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787024)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"65.49.44.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787024/; classtype:trojan-activity;sid:83650124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787023)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.113.35.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787023/; classtype:trojan-activity;sid:83650123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786829)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1re9cqjrafya6wcb5e0zcolwdorvsf9pi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786829/; classtype:trojan-activity;sid:83649929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786674)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"47.101.206.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786674/; classtype:trojan-activity;sid:83649774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786672)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.96.147.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786672/; classtype:trojan-activity;sid:83649772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786663)"; flow:established,from_client; content:"GET"; http_method; content:"/washywashy14/7zip-bin/master/win/er5thygfd.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786663/; classtype:trojan-activity;sid:83649763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786661)"; flow:established,from_client; content:"GET"; http_method; content:"/washywashy14/7zip-bin/master/win/uemlxaw.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786661/; classtype:trojan-activity;sid:83649761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786649)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"2.42.168.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786649/; classtype:trojan-activity;sid:83649749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786332)"; flow:established,from_client; content:"GET"; http_method; content:"/exploit.class"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"39.98.107.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786332/; classtype:trojan-activity;sid:83649432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786333)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.98.107.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786333/; classtype:trojan-activity;sid:83649433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785768)"; flow:established,from_client; content:"GET"; http_method; content:"/zev3n/ubuntu-gnome-privilege-escalation/main/cve-2020-1612%5b6_7%5d_exploit.sh"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785768/; classtype:trojan-activity;sid:83648868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785466)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/deployment/yellow%20pages%20scraper.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785466/; classtype:trojan-activity;sid:83648566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785447)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/updates/tinder%20bot.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785447/; classtype:trojan-activity;sid:83648547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785235)"; flow:established,from_client; content:"GET"; http_method; content:"/ransomware.wannacry_plus.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"14.224.174.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_17; reference:url, urlhaus.abuse.ch/url/2785235/; classtype:trojan-activity;sid:83648335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782882)"; flow:established,from_client; content:"GET"; http_method; content:"/driveapplet.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"noithaticon.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_14; reference:url, urlhaus.abuse.ch/url/2782882/; classtype:trojan-activity;sid:83645982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782434)"; flow:established,from_client; content:"GET"; http_method; content:"/17c4755d1d45ed1bb454/8703634058188758823"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"f24-zfcloud.zdn.vn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782434/; classtype:trojan-activity;sid:83645534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780261)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.72.39.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780261/; classtype:trojan-activity;sid:83643361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780255)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"oys0ro.static.otenet.gr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780255/; classtype:trojan-activity;sid:83643355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777824)"; flow:established,from_client; content:"GET"; http_method; content:"/m.py"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.93.248.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777824/; classtype:trojan-activity;sid:83640924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777823)"; flow:established,from_client; content:"GET"; http_method; content:"/p"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.93.248.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777823/; classtype:trojan-activity;sid:83640923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777822)"; flow:established,from_client; content:"GET"; http_method; content:"/d"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.93.248.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777822/; classtype:trojan-activity;sid:83640922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777441)"; flow:established,from_client; content:"GET"; http_method; content:"/greenpackage.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"bitkiselurunsiparis.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_03_07; reference:url, urlhaus.abuse.ch/url/2777441/; classtype:trojan-activity;sid:83640541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"75.183.98.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769194/; classtype:trojan-activity;sid:83632294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.188.216.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769195/; classtype:trojan-activity;sid:83632295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.100.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769165/; classtype:trojan-activity;sid:83632265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769015)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/jeditor/jeditor.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"www.ojang.pe.kr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769015/; classtype:trojan-activity;sid:83632115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765933)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/e_r1.bmp"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"catbaparadisehotel.com.vn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765933/; classtype:trojan-activity;sid:83629033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765626)"; flow:established,from_client; content:"GET"; http_method; content:"/hitmanpro.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hitman-pro.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765626/; classtype:trojan-activity;sid:83628726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764512)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764512/; classtype:trojan-activity;sid:83627612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764507)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764507/; classtype:trojan-activity;sid:83627607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764508)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764508/; classtype:trojan-activity;sid:83627608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764509)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764509/; classtype:trojan-activity;sid:83627609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764510)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764510/; classtype:trojan-activity;sid:83627610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764511)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764511/; classtype:trojan-activity;sid:83627611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764488)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.188.215.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764488/; classtype:trojan-activity;sid:83627588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757963)"; flow:established,from_client; content:"GET"; http_method; content:"/mobileanjian.apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.6.5.3"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757963/; classtype:trojan-activity;sid:83621063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2755280)"; flow:established,from_client; content:"GET"; http_method; content:"/den4ikyt/spoofer/raw/main/hwid%20spoofer.rar"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_02_02; reference:url, urlhaus.abuse.ch/url/2755280/; classtype:trojan-activity;sid:83618380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754788)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754788/; classtype:trojan-activity;sid:83617888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754787)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754787/; classtype:trojan-activity;sid:83617887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754786)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754786/; classtype:trojan-activity;sid:83617886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754784)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754784/; classtype:trojan-activity;sid:83617884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754785)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754785/; classtype:trojan-activity;sid:83617885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754783)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754783/; classtype:trojan-activity;sid:83617883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754299)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wuy2y3vbxibdfqcs6-kx96nocarzixfd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_31; reference:url, urlhaus.abuse.ch/url/2754299/; classtype:trojan-activity;sid:83617399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752947)"; flow:established,from_client; content:"GET"; http_method; content:"/app/view/ta.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.26.174.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_01_29; reference:url, urlhaus.abuse.ch/url/2752947/; classtype:trojan-activity;sid:83616047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752434)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/build6_unencrypted.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_28; reference:url, urlhaus.abuse.ch/url/2752434/; classtype:trojan-activity;sid:83615534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2750554)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/first.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_22; reference:url, urlhaus.abuse.ch/url/2750554/; classtype:trojan-activity;sid:83613654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749981)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/windows.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_21; reference:url, urlhaus.abuse.ch/url/2749981/; classtype:trojan-activity;sid:83613081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749973)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/eszop.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_21; reference:url, urlhaus.abuse.ch/url/2749973/; classtype:trojan-activity;sid:83613073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749975)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/wefhrf.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_21; reference:url, urlhaus.abuse.ch/url/2749975/; classtype:trojan-activity;sid:83613075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748820)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/client-built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_15; reference:url, urlhaus.abuse.ch/url/2748820/; classtype:trojan-activity;sid:83611920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748365)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ifvzub1blhmwsirshbe2wu5b1tus3ls-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748365/; classtype:trojan-activity;sid:83611465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748363)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yydiodtw09banou13ro8ielf9rcmljxy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748363/; classtype:trojan-activity;sid:83611463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748360)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=11cbyky_wegqjut6afr8jannw7vub-xxf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748360/; classtype:trojan-activity;sid:83611460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748350)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rqhgsr779gyzvi15p-bmkx8txq4bj-yi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748350/; classtype:trojan-activity;sid:83611450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746783)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.180.35.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_06; reference:url, urlhaus.abuse.ch/url/2746783/; classtype:trojan-activity;sid:83609883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2744516)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.149.127.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_12_26; reference:url, urlhaus.abuse.ch/url/2744516/; classtype:trojan-activity;sid:83607616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2744000)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.193.21.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_24; reference:url, urlhaus.abuse.ch/url/2744000/; classtype:trojan-activity;sid:83607100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743461)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12rmvuwgpj0dzbb3haoaww2lviavhvb4r"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743461/; classtype:trojan-activity;sid:83606561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743460)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rfsmrzeanvap2tnmtwrptlepwarwlkge"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743460/; classtype:trojan-activity;sid:83606560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742584)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.129.147.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_20; reference:url, urlhaus.abuse.ch/url/2742584/; classtype:trojan-activity;sid:83605684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742518)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1k0bqhrtnu4v1yexoni5p1utyjuohmfzm"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742518/; classtype:trojan-activity;sid:83605618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742516)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1fhqpevblkipshqumjmsbzeetdzhzxv-j"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742516/; classtype:trojan-activity;sid:83605616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2737635)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.184.54.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_12_05; reference:url, urlhaus.abuse.ch/url/2737635/; classtype:trojan-activity;sid:83600735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735437)"; flow:established,from_client; content:"GET"; http_method; content:"/static/automaticamente/index.php"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"wynecare.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_11_27; reference:url, urlhaus.abuse.ch/url/2735437/; classtype:trojan-activity;sid:83598537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735077)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/store.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.globallaborsupply.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2735077/; classtype:trojan-activity;sid:83598177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734988)"; flow:established,from_client; content:"GET"; http_method; content:"/lti_ruby/av/development/insertionsortpro.js"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"lti.cs.vt.edu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734988/; classtype:trojan-activity;sid:83598088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734981)"; flow:established,from_client; content:"GET"; http_method; content:"/vendor/bin/nobody/clean.it"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"xiangshunjy.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734981/; classtype:trojan-activity;sid:83598081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734979)"; flow:established,from_client; content:"GET"; http_method; content:"/404"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.184.194.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734979/; classtype:trojan-activity;sid:83598079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733771)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.139.249.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_23; reference:url, urlhaus.abuse.ch/url/2733771/; classtype:trojan-activity;sid:83596871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731357)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"115.165.209.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_16; reference:url, urlhaus.abuse.ch/url/2731357/; classtype:trojan-activity;sid:83594457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730213)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sjm5t0ktlepibtv3kgaousspnw3zonom"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_13; reference:url, urlhaus.abuse.ch/url/2730213/; classtype:trojan-activity;sid:83593313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730069)"; flow:established,from_client; content:"GET"; http_method; content:"/cronusxd/update/releases/download/programa/universal.cheat.all.games.rar"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_11_12; reference:url, urlhaus.abuse.ch/url/2730069/; classtype:trojan-activity;sid:83593169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2728916)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jmvlc342a-9khhwqofk1aticown34bxe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_08; reference:url, urlhaus.abuse.ch/url/2728916/; classtype:trojan-activity;sid:83592016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726994)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1lhnnwoydntgqibsykxwgd32s5xftxvfh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726994/; classtype:trojan-activity;sid:83590094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726921)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1oxpqeutyreby186exx4zeofyz0rjocsp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726921/; classtype:trojan-activity;sid:83590021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726920)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1e2y5yppu_zjj4o3wmuo-2j8n9lbthkzc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726920/; classtype:trojan-activity;sid:83590020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726906)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_ldguopt2cg7fblntw3ltxgtxqtmlflc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726906/; classtype:trojan-activity;sid:83590006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726907)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=10lygpyju_dlg3x6r9oslzgblshakstl-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726907/; classtype:trojan-activity;sid:83590007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726789)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zte2ty_wldnnepgomzi6zqqad7moc4kk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726789/; classtype:trojan-activity;sid:83589889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726777)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sqvm1xsoranfnvqst_kkdmn8yhgulm4k"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726777/; classtype:trojan-activity;sid:83589877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726592)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zqzivoxid6wgvjstzd0lg2vxnpnc-puf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_30; reference:url, urlhaus.abuse.ch/url/2726592/; classtype:trojan-activity;sid:83589692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726432)"; flow:established,from_client; content:"GET"; http_method; content:"/drakeo03/rbxfpsunlocker-x64-hotfix1/zip/refs/heads/main"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_10_28; reference:url, urlhaus.abuse.ch/url/2726432/; classtype:trojan-activity;sid:83589532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2725971)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ctnmusyjuqkrxgvd6uph5ttb4-sb1zxr"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_26; reference:url, urlhaus.abuse.ch/url/2725971/; classtype:trojan-activity;sid:83589071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2724547)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.187.36.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_10_23; reference:url, urlhaus.abuse.ch/url/2724547/; classtype:trojan-activity;sid:83587647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2723186)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nx37rcyoclifch3waaddhuzclyj4ouue"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_23; reference:url, urlhaus.abuse.ch/url/2723186/; classtype:trojan-activity;sid:83586286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720427)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.213.157.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_14; reference:url, urlhaus.abuse.ch/url/2720427/; classtype:trojan-activity;sid:83583527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2719389)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1satmexzn3qpvqzfxnc-5dtnnn8lihdxh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_12; reference:url, urlhaus.abuse.ch/url/2719389/; classtype:trojan-activity;sid:83582489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2717631)"; flow:established,from_client; content:"GET"; http_method; content:"/112s"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.249.172.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_06; reference:url, urlhaus.abuse.ch/url/2717631/; classtype:trojan-activity;sid:83580731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713178)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.82.211.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713178/; classtype:trojan-activity;sid:83576278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713150)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.131.101.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713150/; classtype:trojan-activity;sid:83576250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2705628)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"90.68.161.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_08_20; reference:url, urlhaus.abuse.ch/url/2705628/; classtype:trojan-activity;sid:83568728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2704162)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.36.68.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_08_13; reference:url, urlhaus.abuse.ch/url/2704162/; classtype:trojan-activity;sid:83567262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2699237)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.135.142.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_08_05; reference:url, urlhaus.abuse.ch/url/2699237/; classtype:trojan-activity;sid:83562337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2695319)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.214.56.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_08_01; reference:url, urlhaus.abuse.ch/url/2695319/; classtype:trojan-activity;sid:83558419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2693150)"; flow:established,from_client; content:"GET"; http_method; content:"/housenetshare.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"stdown.dinju.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_31; reference:url, urlhaus.abuse.ch/url/2693150/; classtype:trojan-activity;sid:83556250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2687872)"; flow:established,from_client; content:"GET"; http_method; content:"/new.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"resourceedge.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_22; reference:url, urlhaus.abuse.ch/url/2687872/; classtype:trojan-activity;sid:83550972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2684828)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.100.50.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_18; reference:url, urlhaus.abuse.ch/url/2684828/; classtype:trojan-activity;sid:83547928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678477)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"83.234.203.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678477/; classtype:trojan-activity;sid:83541577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2676880)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/id3/qmydsnl.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"lostheaven.com.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_07_05; reference:url, urlhaus.abuse.ch/url/2676880/; classtype:trojan-activity;sid:83539980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2676879)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/id3/apctntoca.bmp"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"lostheaven.com.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_07_05; reference:url, urlhaus.abuse.ch/url/2676879/; classtype:trojan-activity;sid:83539979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2675524)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.5.2"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_07_02; reference:url, urlhaus.abuse.ch/url/2675524/; classtype:trojan-activity;sid:83538624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661661)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661661/; classtype:trojan-activity;sid:83524761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661657)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661657/; classtype:trojan-activity;sid:83524757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661658)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661658/; classtype:trojan-activity;sid:83524758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661659)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661659/; classtype:trojan-activity;sid:83524759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661660)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661660/; classtype:trojan-activity;sid:83524760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661653)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661653/; classtype:trojan-activity;sid:83524753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661654)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661654/; classtype:trojan-activity;sid:83524754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661655)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661655/; classtype:trojan-activity;sid:83524755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2637944)"; flow:established,from_client; content:"GET"; http_method; content:"/ldr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.38.23.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_05_21; reference:url, urlhaus.abuse.ch/url/2637944/; classtype:trojan-activity;sid:83501044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2618340)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_26; reference:url, urlhaus.abuse.ch/url/2618340/; classtype:trojan-activity;sid:83481440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615901)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.59.133.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_22; reference:url, urlhaus.abuse.ch/url/2615901/; classtype:trojan-activity;sid:83479001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615316)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.177.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615316/; classtype:trojan-activity;sid:83478416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615314)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.208.56.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615314/; classtype:trojan-activity;sid:83478414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615287)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615287/; classtype:trojan-activity;sid:83478387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615283)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.65.45.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615283/; classtype:trojan-activity;sid:83478383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615262)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.81.127.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615262/; classtype:trojan-activity;sid:83478362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615260)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.22.237.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615260/; classtype:trojan-activity;sid:83478360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615259)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.20.122.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615259/; classtype:trojan-activity;sid:83478359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615258)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.153.20.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615258/; classtype:trojan-activity;sid:83478358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2581006)"; flow:established,from_client; content:"GET"; http_method; content:"/salatikochen/salatapps/archive/refs/heads/main.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_03_22; reference:url, urlhaus.abuse.ch/url/2581006/; classtype:trojan-activity;sid:83444106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2562937)"; flow:established,from_client; content:"GET"; http_method; content:"/b512c9bf0b/rnlgmamvrrbyey3nzb/"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"ns1.koleso.tc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_08; reference:url, urlhaus.abuse.ch/url/2562937/; classtype:trojan-activity;sid:83426037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2545788)"; flow:established,from_client; content:"GET"; http_method; content:"/tedburke/commandcam/archive/refs/heads/master.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_20; reference:url, urlhaus.abuse.ch/url/2545788/; classtype:trojan-activity;sid:83408888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2540034)"; flow:established,from_client; content:"GET"; http_method; content:"/unlockteame/unlimited/zip/refs/heads/main"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_14; reference:url, urlhaus.abuse.ch/url/2540034/; classtype:trojan-activity;sid:83403134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530828)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_05; reference:url, urlhaus.abuse.ch/url/2530828/; classtype:trojan-activity;sid:83393928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517803)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_25; reference:url, urlhaus.abuse.ch/url/2517803/; classtype:trojan-activity;sid:83380903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517273)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_24; reference:url, urlhaus.abuse.ch/url/2517273/; classtype:trojan-activity;sid:83380373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2513697)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_20; reference:url, urlhaus.abuse.ch/url/2513697/; classtype:trojan-activity;sid:83376797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2504339)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/89wkr/"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"coadymarine.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_01_11; reference:url, urlhaus.abuse.ch/url/2504339/; classtype:trojan-activity;sid:83367439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2466408)"; flow:established,from_client; content:"GET"; http_method; content:"/sys.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.38.23.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_12_16; reference:url, urlhaus.abuse.ch/url/2466408/; classtype:trojan-activity;sid:83329508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2441027)"; flow:established,from_client; content:"GET"; http_method; content:"/dl/idr/v3/pub/idrb5event.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"update.itopvpn.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2022_12_01; reference:url, urlhaus.abuse.ch/url/2441027/; classtype:trojan-activity;sid:83304127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440082)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/token%20grabber.dll"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440082/; classtype:trojan-activity;sid:83303182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440081)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/passwordstealer.dll"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440081/; classtype:trojan-activity;sid:83303181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2423598)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_11_17; reference:url, urlhaus.abuse.ch/url/2423598/; classtype:trojan-activity;sid:83286698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414734)"; flow:established,from_client; content:"GET"; http_method; content:"/core"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cnom.sante.gov.ml"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414734/; classtype:trojan-activity;sid:83277834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414733)"; flow:established,from_client; content:"GET"; http_method; content:"/12"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cnom.sante.gov.ml"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414733/; classtype:trojan-activity;sid:83277833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2408069)"; flow:established,from_client; content:"GET"; http_method; content:"/analytics/zy5ntk/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fromthetrenchesworldreport.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2022_11_11; reference:url, urlhaus.abuse.ch/url/2408069/; classtype:trojan-activity;sid:83271169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2407720)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/eaeuutop/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.globallaborsupply.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2022_11_11; reference:url, urlhaus.abuse.ch/url/2407720/; classtype:trojan-activity;sid:83270820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2403434)"; flow:established,from_client; content:"GET"; http_method; content:"/down/fw/fw.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tengfeidn.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_07; reference:url, urlhaus.abuse.ch/url/2403434/; classtype:trojan-activity;sid:83266534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2296313)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.180.9.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_09_07; reference:url, urlhaus.abuse.ch/url/2296313/; classtype:trojan-activity;sid:83159413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2290030)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.188.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_02; reference:url, urlhaus.abuse.ch/url/2290030/; classtype:trojan-activity;sid:83153130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2274787)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_08_19; reference:url, urlhaus.abuse.ch/url/2274787/; classtype:trojan-activity;sid:83137887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2274783)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_08_19; reference:url, urlhaus.abuse.ch/url/2274783/; classtype:trojan-activity;sid:83137883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2267284)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.38.24.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_08_06; reference:url, urlhaus.abuse.ch/url/2267284/; classtype:trojan-activity;sid:83130384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2255098)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.173.39.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_07_07; reference:url, urlhaus.abuse.ch/url/2255098/; classtype:trojan-activity;sid:83118198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2252574)"; flow:established,from_client; content:"GET"; http_method; content:"/updates1/up.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"1717.1000uc.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_30; reference:url, urlhaus.abuse.ch/url/2252574/; classtype:trojan-activity;sid:83115674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2246119)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.169.235.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_20; reference:url, urlhaus.abuse.ch/url/2246119/; classtype:trojan-activity;sid:83109219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2237418)"; flow:established,from_client; content:"GET"; http_method; content:"/system/gbh/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"airhobi.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_14; reference:url, urlhaus.abuse.ch/url/2237418/; classtype:trojan-activity;sid:83100518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2236625)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sm02zsvdywdotb7rql/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"dhnconstrucciones.com.ar"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_13; reference:url, urlhaus.abuse.ch/url/2236625/; classtype:trojan-activity;sid:83099725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2230406)"; flow:established,from_client; content:"GET"; http_method; content:"/down/newsales/adm_atu.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"palharesinformatica.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_08; reference:url, urlhaus.abuse.ch/url/2230406/; classtype:trojan-activity;sid:83093506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2227709)"; flow:established,from_client; content:"GET"; http_method; content:"/img/rm0xpx/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"jobcity.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_06; reference:url, urlhaus.abuse.ch/url/2227709/; classtype:trojan-activity;sid:83090809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2218862)"; flow:established,from_client; content:"GET"; http_method; content:"/accesorios/plg/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tecni-soft.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_05_31; reference:url, urlhaus.abuse.ch/url/2218862/; classtype:trojan-activity;sid:83081962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2211781)"; flow:established,from_client; content:"GET"; http_method; content:"/accesorios/xqp/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tecni-soft.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_05_26; reference:url, urlhaus.abuse.ch/url/2211781/; classtype:trojan-activity;sid:83074881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2192744)"; flow:established,from_client; content:"GET"; http_method; content:"/crt/xe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pns.org.pk"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_05_13; reference:url, urlhaus.abuse.ch/url/2192744/; classtype:trojan-activity;sid:83055844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2191248)"; flow:established,from_client; content:"GET"; http_method; content:"/application/phebceg4tx/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.ingonherbal.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_05_12; reference:url, urlhaus.abuse.ch/url/2191248/; classtype:trojan-activity;sid:83054348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2143816)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/server.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"linkvilleplayers.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2022_04_12; reference:url, urlhaus.abuse.ch/url/2143816/; classtype:trojan-activity;sid:83006916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2134110)"; flow:established,from_client; content:"GET"; http_method; content:"/0011b9cd240249c3aeb520ea1205eaf1.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zhengxinpeixun.oss-cn-qingdao.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_04_06; reference:url, urlhaus.abuse.ch/url/2134110/; classtype:trojan-activity;sid:82997210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2124302)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.10.0/xmrig-6.10.0-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_03_31; reference:url, urlhaus.abuse.ch/url/2124302/; classtype:trojan-activity;sid:82987402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gvnzexvvs3vpv0-ihflwnmzmhij3qqly"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086235/; classtype:trojan-activity;sid:82949335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2051389)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.142.114.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_21; reference:url, urlhaus.abuse.ch/url/2051389/; classtype:trojan-activity;sid:82914489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2048755)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_02_19; reference:url, urlhaus.abuse.ch/url/2048755/; classtype:trojan-activity;sid:82911855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2043048)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.231.226.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_14; reference:url, urlhaus.abuse.ch/url/2043048/; classtype:trojan-activity;sid:82906148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1988943)"; flow:established,from_client; content:"GET"; http_method; content:"/ldr.sh|3f|le0943_http"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"194.145.227.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_19; reference:url, urlhaus.abuse.ch/url/1988943/; classtype:trojan-activity;sid:82852043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1961882)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_10; reference:url, urlhaus.abuse.ch/url/1961882/; classtype:trojan-activity;sid:82824982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1960874)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_09; reference:url, urlhaus.abuse.ch/url/1960874/; classtype:trojan-activity;sid:82823974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1915365)"; flow:established,from_client; content:"GET"; http_method; content:"/5j1ae/apmyyqsc6q3p5y/"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"aosafrica.co.za"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_23; reference:url, urlhaus.abuse.ch/url/1915365/; classtype:trojan-activity;sid:82778465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1761107)"; flow:established,from_client; content:"GET"; http_method; content:"/svr_netchecker/server.asp|3f|v_command=3002|7c|26|7c|v_progname=sjptmanagerlauncher.exe"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"server.toeicswt.co.kr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_11_07; reference:url, urlhaus.abuse.ch/url/1761107/; classtype:trojan-activity;sid:82624207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1657096)"; flow:established,from_client; content:"GET"; http_method; content:"/update/ana/update.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.teknoarge.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_06; reference:url, urlhaus.abuse.ch/url/1657096/; classtype:trojan-activity;sid:82520196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1647561)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12ma_yvbmprts6e_vkfnmwikrnwsarqbw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_29; reference:url, urlhaus.abuse.ch/url/1647561/; classtype:trojan-activity;sid:82510661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1624890)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1o9jg3oqyewncoptigwscdbtfmvtfqygj"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_16; reference:url, urlhaus.abuse.ch/url/1624890/; classtype:trojan-activity;sid:82487990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1539372)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.120.211.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_08_16; reference:url, urlhaus.abuse.ch/url/1539372/; classtype:trojan-activity;sid:82402472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1506064)"; flow:established,from_client; content:"GET"; http_method; content:"/ortakmodul/nbys%20asm.net.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"files5.uludagbilisim.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2021_08_04; reference:url, urlhaus.abuse.ch/url/1506064/; classtype:trojan-activity;sid:82369164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1506027)"; flow:established,from_client; content:"GET"; http_method; content:"/nbys.aspx|3f|f=aile_hekimligi/nbys%20ah.net.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"files5.uludagbilisim.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2021_08_04; reference:url, urlhaus.abuse.ch/url/1506027/; classtype:trojan-activity;sid:82369127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1497688)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_08_01; reference:url, urlhaus.abuse.ch/url/1497688/; classtype:trojan-activity;sid:82360788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1469946)"; flow:established,from_client; content:"GET"; http_method; content:"/hajime"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_21; reference:url, urlhaus.abuse.ch/url/1469946/; classtype:trojan-activity;sid:82333046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1459190)"; flow:established,from_client; content:"GET"; http_method; content:"/cliopmq/cluton.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"protechasia.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_16; reference:url, urlhaus.abuse.ch/url/1459190/; classtype:trojan-activity;sid:82322290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1434520)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.205.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_07; reference:url, urlhaus.abuse.ch/url/1434520/; classtype:trojan-activity;sid:82297620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422022)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1n8_s6gijerearczwh74blkygodig64eo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422022/; classtype:trojan-activity;sid:82285122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422010)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yfqtugahqhqrulwugdekeavffktsl8ci"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422010/; classtype:trojan-activity;sid:82285110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1402229)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.230.153.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_26; reference:url, urlhaus.abuse.ch/url/1402229/; classtype:trojan-activity;sid:82265329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1393270)"; flow:established,from_client; content:"GET"; http_method; content:"/downfile.asp|3f|sid=276663/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.ysbaojia.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_24; reference:url, urlhaus.abuse.ch/url/1393270/; classtype:trojan-activity;sid:82256370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1391235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sbd1rnw8luztjmsh6gdlzupvyupbopa0|7c|26|7c|revid=0b3yyjts_woklr2vnyxvqohlidxbxn1l2wwjntxfnwvi5v0h3pq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_23; reference:url, urlhaus.abuse.ch/url/1391235/; classtype:trojan-activity;sid:82254335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1378480)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ctmywlj5wouiug1wgizy3ke7yj1u0yor|7c|26|7c|revid=0b_t0-zked1mgagxwmxcwywq5q0q1uk1uoxcwaup6l2ovmtdjpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_19; reference:url, urlhaus.abuse.ch/url/1378480/; classtype:trojan-activity;sid:82241580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1372338)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1alq8r5tnr6wwiftqa3l6d9fymv7y0g9m"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_17; reference:url, urlhaus.abuse.ch/url/1372338/; classtype:trojan-activity;sid:82235438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1352974)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_06_11; reference:url, urlhaus.abuse.ch/url/1352974/; classtype:trojan-activity;sid:82216074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350517)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1tilqozot07vylvdmmsfs7ia452jwhktj|7c|26|7c|revid=0b7gsmqzks4xkcdjcwhuvatj2qvlvchnmnnovu2ldzstek2jzpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350517/; classtype:trojan-activity;sid:82213617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1348672)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1etpmpb2shvuny5dxj5awfpxklxqpbzgx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1348672/; classtype:trojan-activity;sid:82211772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1331376)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1b6t1mjnjcvndcy-mdqq0neqrbocqyju4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_06; reference:url, urlhaus.abuse.ch/url/1331376/; classtype:trojan-activity;sid:82194476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1327898)"; flow:established,from_client; content:"GET"; http_method; content:"/inst77player/inst77player_1.0.0.1.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"softdl.360tpcdn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_06_05; reference:url, urlhaus.abuse.ch/url/1327898/; classtype:trojan-activity;sid:82190998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1319551)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nw1gmzg6lwtuhs0tte969xcfpp9_dc5q"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_03; reference:url, urlhaus.abuse.ch/url/1319551/; classtype:trojan-activity;sid:82182651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1237693)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1z7qhwcozjwehksdhw-yuivac2jzwjqia"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_15; reference:url, urlhaus.abuse.ch/url/1237693/; classtype:trojan-activity;sid:82100793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1237690)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1m8jszvq-ztfrul7vgsb6q-n3ftgnkbdj|7c|26|7c|revid=0bxrhybf9__wnmgjlnmxmunzznlu0v204azc4edmzcep6a0hzpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_15; reference:url, urlhaus.abuse.ch/url/1237690/; classtype:trojan-activity;sid:82100790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1233306)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gv_nk9llqw4fxudo-khja7nuuj1kevvw|7c|26|7c|revid=0b7zefp-g6n7vm0zhowo4be9pvus4mmh0ymxvd3r6zlu3ylznpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_14; reference:url, urlhaus.abuse.ch/url/1233306/; classtype:trojan-activity;sid:82096406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1228961)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1a7jwdzayvxw_d3cgv_n7tjf4sty3ufor|7c|26|7c|export=download"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_13; reference:url, urlhaus.abuse.ch/url/1228961/; classtype:trojan-activity;sid:82092061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1220349)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1h_dyp_d5lst4akyf2qezxl7j1scvbtvs|7c|26|7c|revid=0b5thckui5i0mdk5moelbnm9vuhnydvjnvwpyq01vrg5xvwhrpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_11; reference:url, urlhaus.abuse.ch/url/1220349/; classtype:trojan-activity;sid:82083449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1199812)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uygnpwzzyzn2rodsrimg0-sloxy_letg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_06; reference:url, urlhaus.abuse.ch/url/1199812/; classtype:trojan-activity;sid:82062912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1184754)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ygn4gkmy9musdp_lgnpyjjh6rskt39vp|7c|26|7c|revid=0b8rbgp2bpeofmk5ta3n3mgjtefbzdevwtk5wwhpjd3yruejjpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_30; reference:url, urlhaus.abuse.ch/url/1184754/; classtype:trojan-activity;sid:82047854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181763)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=mep5euraznm5lmjsb2cuzgf1bs5uzxq6l0lnqudflzavns5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8.exe"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"cfs9.blog.daum.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181763/; classtype:trojan-activity;sid:82044863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181758)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%bf%c0%b7%f9%c7%d8%b0%e1%c7%cf%b1%e2.exe"; http_uri; depth:184; isdataat:!1,relative; nocase; content:"cfs13.tistory.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181758/; classtype:trojan-activity;sid:82044858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181756)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=mdczafhaznmxmc5ibg9nlmrhdw0ubmv0oi9jtufhrs8wlzkwlmv4zq==|7c|26|7c|filename=xp_sp3_%ed%85%8c%eb%a7%88%ed%8c%a8%ec%b9%98.exe"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"cfs10.blog.daum.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181756/; classtype:trojan-activity;sid:82044856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181754)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%d8%b0%ef%bf%bd%ef%bf%bd%cf%b1%ef%bf%bd.exe"; http_uri; depth:232; isdataat:!1,relative; nocase; content:"cfs13.tistory.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181754/; classtype:trojan-activity;sid:82044854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181755)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=metnwe5aznm3lmjsb2cuzgf1bs5uzxq6l0lnqudflzavmc5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe/%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe"; http_uri; depth:303; isdataat:!1,relative; nocase; content:"cfs7.blog.daum.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181755/; classtype:trojan-activity;sid:82044855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1167210)"; flow:established,from_client; content:"GET"; http_method; content:"/ldr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.145.227.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_04_25; reference:url, urlhaus.abuse.ch/url/1167210/; classtype:trojan-activity;sid:82030310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1152444)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jpl-uouydm5hypqm67uokyddrblbpxvw|7c|26|7c|revid=0b7zpiprmoc5ubhpwclq0cxdyte5vwtrbymnidznhtgm3bzvrpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_22; reference:url, urlhaus.abuse.ch/url/1152444/; classtype:trojan-activity;sid:82015544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1091105)"; flow:established,from_client; content:"GET"; http_method; content:"/r6x7x6rf.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"travelwithmanta.co.za"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_03_25; reference:url, urlhaus.abuse.ch/url/1091105/; classtype:trojan-activity;sid:81954205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1090482)"; flow:established,from_client; content:"GET"; http_method; content:"/r6x7x6rf.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"travelwithmanta.co.za"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_03_25; reference:url, urlhaus.abuse.ch/url/1090482/; classtype:trojan-activity;sid:81953582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1040535)"; flow:established,from_client; content:"GET"; http_method; content:"/agha25.tar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"spaceframe.mobi.space-frame.co.za"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2021_03_01; reference:url, urlhaus.abuse.ch/url/1040535/; classtype:trojan-activity;sid:81903635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1009349)"; flow:established,from_client; content:"GET"; http_method; content:"/2017/06/radbxnzdxbd.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"360down7.miiyun.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_02_14; reference:url, urlhaus.abuse.ch/url/1009349/; classtype:trojan-activity;sid:81872449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (995049)"; flow:established,from_client; content:"GET"; http_method; content:"/txs9e9.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"buscascolegios.diit.cl"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2021_02_08; reference:url, urlhaus.abuse.ch/url/995049/; classtype:trojan-activity;sid:81858149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (995040)"; flow:established,from_client; content:"GET"; http_method; content:"/txs9e9.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"buscascolegios.diit.cl"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2021_02_08; reference:url, urlhaus.abuse.ch/url/995040/; classtype:trojan-activity;sid:81858140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (986697)"; flow:established,from_client; content:"GET"; http_method; content:"/dcbl8fi.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"library.arihantmbainstitute.ac.in"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2021_02_01; reference:url, urlhaus.abuse.ch/url/986697/; classtype:trojan-activity;sid:81849797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (957784)"; flow:established,from_client; content:"GET"; http_method; content:"/gamewd/yhdl.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"download.caihong.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_13; reference:url, urlhaus.abuse.ch/url/957784/; classtype:trojan-activity;sid:81820884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (936427)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/bxjesdj7w3meuh7iatiurbsgh/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/936427/; classtype:trojan-activity;sid:81799527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (935625)"; flow:established,from_client; content:"GET"; http_method; content:"/u0eukz.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"abissnet.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/935625/; classtype:trojan-activity;sid:81798725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (788214)"; flow:established,from_client; content:"GET"; http_method; content:"/v2x2vexx.jpg"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"yzkzixun.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_11_05; reference:url, urlhaus.abuse.ch/url/788214/; classtype:trojan-activity;sid:81651314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (754857)"; flow:established,from_client; content:"GET"; http_method; content:"/gfl7i3kp.rar"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"karer.by"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_10_27; reference:url, urlhaus.abuse.ch/url/754857/; classtype:trojan-activity;sid:81617957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (723755)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sites/ci6p05scnuonqslqmehm/"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/723755/; classtype:trojan-activity;sid:81586855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (637433)"; flow:established,from_client; content:"GET"; http_method; content:"/paetools.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"soft.110route.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_10_01; reference:url, urlhaus.abuse.ch/url/637433/; classtype:trojan-activity;sid:81500533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (554647)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/x7z9wbk77tt6v9/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_18; reference:url, urlhaus.abuse.ch/url/554647/; classtype:trojan-activity;sid:81417747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (490516)"; flow:established,from_client; content:"GET"; http_method; content:"/hmatrix/data/hack1226.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cd.textfiles.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_14; reference:url, urlhaus.abuse.ch/url/490516/; classtype:trojan-activity;sid:81353616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439389)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439389/; classtype:trojan-activity;sid:81302489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438705)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/file/21mnqlvi/oz88535657v7rbazasyth9x8i/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438705/; classtype:trojan-activity;sid:81301805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (436727)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_19; reference:url, urlhaus.abuse.ch/url/436727/; classtype:trojan-activity;sid:81299827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434592)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/closed_957176_mxqsdoj6a4iz/close_warehouse/ql55hnq09iyn6lm_334stxvw03wyv/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434592/; classtype:trojan-activity;sid:81297692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434320)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434320/; classtype:trojan-activity;sid:81297420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432117)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_13; reference:url, urlhaus.abuse.ch/url/432117/; classtype:trojan-activity;sid:81295217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426390)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/open-0627720493640-azq24pffjrm/guarded-space/gxkx9t42ra6yf-6x7uyx330389w/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426390/; classtype:trojan-activity;sid:81289490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (420521)"; flow:established,from_client; content:"GET"; http_method; content:"/css/parts_service/ly944myw/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"hitstation.nl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_28; reference:url, urlhaus.abuse.ch/url/420521/; classtype:trojan-activity;sid:81283621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322758)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzzcxmzyyqgzzns50axn0b3j5lmnvbtovyxr0ywnolzavmtqwmdawmdawmdawlmv4zq%3d%3d|7c|26|7c|filename=crack-pro20.exe"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"cfs5.tistory.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_08; reference:url, urlhaus.abuse.ch/url/322758/; classtype:trojan-activity;sid:81185858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322465)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1/sunset1.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_07; reference:url, urlhaus.abuse.ch/url/322465/; classtype:trojan-activity;sid:81185565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322462)"; flow:established,from_client; content:"GET"; http_method; content:"/flowers/flowers1/smell-the-roses.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_07; reference:url, urlhaus.abuse.ch/url/322462/; classtype:trojan-activity;sid:81185562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (318948)"; flow:established,from_client; content:"GET"; http_method; content:"/fuzzbunch/fuzzbunch/master/payloads/doublepulsar-1.3.1.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_02_26; reference:url, urlhaus.abuse.ch/url/318948/; classtype:trojan-activity;sid:81182048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (242568)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.4.124.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_10; reference:url, urlhaus.abuse.ch/url/242568/; classtype:trojan-activity;sid:81105668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240403)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.114.191.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240403/; classtype:trojan-activity;sid:81103503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240036)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.151.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240036/; classtype:trojan-activity;sid:81103136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (239019)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_06; reference:url, urlhaus.abuse.ch/url/239019/; classtype:trojan-activity;sid:81102119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (238127)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.248.58.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/238127/; classtype:trojan-activity;sid:81101227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (237890)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/237890/; classtype:trojan-activity;sid:81100990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (217486)"; flow:established,from_client; content:"GET"; http_method; content:"/meteoradminz/hidden-tear/zip/master"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_07_17; reference:url, urlhaus.abuse.ch/url/217486/; classtype:trojan-activity;sid:81080586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (210023)"; flow:established,from_client; content:"GET"; http_method; content:"/opolis.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.opolis.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_06_18; reference:url, urlhaus.abuse.ch/url/210023/; classtype:trojan-activity;sid:81073123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203280)"; flow:established,from_client; content:"GET"; http_method; content:"/download/qt51crk.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.hseda.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_29; reference:url, urlhaus.abuse.ch/url/203280/; classtype:trojan-activity;sid:81066380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203157)"; flow:established,from_client; content:"GET"; http_method; content:"/download/qt51crk.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"hseda.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_28; reference:url, urlhaus.abuse.ch/url/203157/; classtype:trojan-activity;sid:81066257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (202114)"; flow:established,from_client; content:"GET"; http_method; content:"/screenmate/cute/sm1302.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.starcountry.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_26; reference:url, urlhaus.abuse.ch/url/202114/; classtype:trojan-activity;sid:81065214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200800)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/zorke_release/zorke_asciiverter_v1.00/zke-ascv.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200800/; classtype:trojan-activity;sid:81063900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200798)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/12.2013/nrv-ppwr.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200798/; classtype:trojan-activity;sid:81063898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200771)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/rzr-winner_intro.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"chiptune.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200771/; classtype:trojan-activity;sid:81063871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200770)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/zorke_release/zorke_nfo_file_viewer_v1.00/zke-nfoview.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200770/; classtype:trojan-activity;sid:81063870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (197801)"; flow:established,from_client; content:"GET"; http_method; content:"/hao123-soft-online-bcs/soft/d/2014-06-12_djylh.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"download.skycn.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197801/; classtype:trojan-activity;sid:81060901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (197800)"; flow:established,from_client; content:"GET"; http_method; content:"/hao123-soft-online-bcs/soft/p/pocketrar350sc.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"download.skycn.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197800/; classtype:trojan-activity;sid:81060900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (186282)"; flow:established,from_client; content:"GET"; http_method; content:"/pub/1003b/patch/patch_data/patch_0.3300/1003b.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"dl.1003b.56a.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_04_27; reference:url, urlhaus.abuse.ch/url/186282/; classtype:trojan-activity;sid:81049382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170262)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/3"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170262/; classtype:trojan-activity;sid:81033362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170261)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/2"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170261/; classtype:trojan-activity;sid:81033361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170260)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170260/; classtype:trojan-activity;sid:81033360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (121029)"; flow:established,from_client; content:"GET"; http_method; content:"/active/pcclear_eng_mini.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"down.pcclear.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_02_10; reference:url, urlhaus.abuse.ch/url/121029/; classtype:trojan-activity;sid:80984129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (96791)"; flow:established,from_client; content:"GET"; http_method; content:"/gvhr-mmj5u8zn2kc5aoq_nkxhprvvh-t9/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"aulist.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2018_12_18; reference:url, urlhaus.abuse.ch/url/96791/; classtype:trojan-activity;sid:80959891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94279)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/20140812/14078161556897.rar"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"static.3001.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94279/; classtype:trojan-activity;sid:80957379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91928)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2010-12/03/519808/4cf8bc6362f34.rar"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91928/; classtype:trojan-activity;sid:80955028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85967)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/rc1veeex.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/85967/; classtype:trojan-activity;sid:80949067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85881)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/5fg9yjwr.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85881/; classtype:trojan-activity;sid:80948981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85879)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/a9to40e7.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85879/; classtype:trojan-activity;sid:80948979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85878)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/e6i8pdc0.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85878/; classtype:trojan-activity;sid:80948978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85877)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-07/28/117228/4wtjdjio.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85877/; classtype:trojan-activity;sid:80948977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85876)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/zwy1q6k0.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85876/; classtype:trojan-activity;sid:80948976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85874)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/06/98428/07c9mfhe.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85874/; classtype:trojan-activity;sid:80948974; rev:1;) # Number of entries: 20998